Skip to main content
CVE-2023-0611 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01.ccp of the component Web Management Interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 652Brp Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
3.9%
CVE-2023-24956 HIGH POC This Week

Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Forget Heart Message Box
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0454 HIGH POC This Week

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Orangescrum
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-0341 HIGH POC PATCH This Week

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow RCE Editorconfig
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-47768 HIGH POC This Week

Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Fast Checkin
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-0618 HIGH POC This Week

A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tew 652Brp Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-0617 HIGH POC This Week

A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tew 811dru Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-0613 HIGH POC This Week

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tew 811dru Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-23135 HIGH POC This Week

An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Ftdms
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-24610 HIGH This Week

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP Nosh Chartingsystem
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-22575 HIGH This Week

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-23692 HIGH This Week

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Emc Data Domain Os
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-20856 HIGH This Week

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware CSRF Vrealize Operations
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-0524 HIGH This Week

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nessus Tenable Io Tenable Sc
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-22374 HIGH This Week

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
8.5
EPSS
72.6%
CVE-2023-22574 HIGH This Week

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Dell Emc Powerscale Onefs
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-22657 HIGH This Week

On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection F5Os A F5Os C
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-22358 HIGH This Week

In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Big Ip Access Policy Manager Big Ip Edge
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22572 HIGH This Week

Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23969 HIGH PATCH This Week

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Django Debian Linux
NVD
CVSS 3.1
7.5
EPSS
47.1%
CVE-2023-23555 HIGH This Week

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23552 HIGH This Week

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-22842 HIGH This Week

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22839 HIGH This Week

On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Big Ip Domain Name System Big Ip Local Traffic Manager Big Ip 10000S Firmware +31
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22664 HIGH This Week

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22422 HIGH This Week

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22341 HIGH This Week

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Big Ip Access Policy Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22340 HIGH This Week

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22323 HIGH This Week

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22281 HIGH This Week

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23132 HIGH This Week

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Selfwealth
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23131 HIGH This Week

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Selfwealth
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0612 HIGH This Week

A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tew 811dru Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-24977 HIGH This Week

Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apache Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-23846 HIGH This Week

Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
7.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy