Skip to main content
CVE-2023-24147 HIGH POC This Week

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20854 HIGH PATCH This Week

VMware Workstation contains an arbitrary file deletion vulnerability. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation VMware Workstation
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2023-22474 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Node.js Authentication Bypass Parse Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-45588 HIGH This Week

All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

XXE Remote Engine Gen 2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0124 HIGH This Week

Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Dopsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0123 HIGH This Week

Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Dopsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22746 HIGH PATCH This Week

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Docker Ckan
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-23941 HIGH PATCH This Week

SwagPayPal is a PayPal integration for shopware/platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Swagpaypal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23932 HIGH PATCH This Week

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opendds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-23925 HIGH PATCH This Week

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Switcher Client
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-0659 HIGH This Week

A vulnerability was found in BDCOM 1704-WGL 2.0.6314. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 1704 Wgl Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-0658 HIGH This Week

A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Re057 Firmware Re170 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-24029 HIGH This Week

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ws Ftp Server
NVD
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy