Skip to main content
CVE-2023-0435 CRITICAL POC PATCH Act Now

Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pyload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0434 HIGH POC PATCH This Week

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pyload
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-24044 MEDIUM POC This Month

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Obsidian
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2023-24056 MEDIUM POC PATCH This Month

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Pkgconf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-24058 MEDIUM POC This Month

Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Booked
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-24059 HIGH This Week

Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Grand Theft Auto V
NVD
CVSS 3.1
7.3
EPSS
1.5%
CVE-2023-24055 MEDIUM PATCH This Month

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Keepass
NVD
CVSS 3.1
5.5
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy