Skip to main content
CVE-2023-0493 HIGH POC PATCH This Week

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Btcpay Server
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.9%
CVE-2023-0455 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bumsys
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
5.7%
CVE-2023-23619 HIGH POC PATCH MAL This Week

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Modelina
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-23614 HIGH POC This Week

Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Web Interface
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24057 HIGH POC PATCH This Week

HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Path Traversal Hl7 Fhir Core Fhir Ig Publisher
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-22486 HIGH POC This Week

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cmark Gfm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-0509 HIGH POC PATCH This Week

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Pyload Pyload Ng
NVD GitHub
CVSS 3.1
7.4
EPSS
0.5%
CVE-2023-0516 HIGH POC This Week

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-0515 HIGH POC This Week

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical.php of the component Parameter Handler. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-24458 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Bearychat
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-24452 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Testquality Updater
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-24447 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Rabbitmq Consumer
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-24446 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Openid
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-24437 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Atlassian Jira Pipeline Steps
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-24434 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Github Pull Request Builder
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-24432 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Orka By Macstadium
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-24426 HIGH This Week

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Microsoft Azure Ad
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24424 HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Session Fixation Information Disclosure Openid Connect Authentication
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-24422 HIGH PATCH This Week

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Jenkins Command Injection Script Security
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-23612 HIGH PATCH This Week

OpenSearch is an open source distributed and RESTful search engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Opensearch
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-22482 HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0444 HIGH This Week

A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-22736 HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
CVSS 3.1
8.5
EPSS
0.8%
CVE-2023-0284 HIGH This Week

Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-20928 HIGH This Week

In binder_vma_close of binder.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20925 HIGH This Week

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20920 HIGH This Week

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20919 HIGH This Week

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20916 HIGH This Week

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20915 HIGH This Week

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20913 HIGH This Week

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Privilege Escalation Google XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20912 HIGH This Week

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20905 HIGH This Week

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20904 HIGH This Week

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22500 HIGH This Week

GLPI is a Free Asset and IT Management Software package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-0451 HIGH This Week

Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eos
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-0356 HIGH This Week

SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Net Vision
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-23609 HIGH PATCH This Week

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-20921 HIGH This Week

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-0412 HIGH PATCH This Week

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy