Skip to main content
CVE-2023-24323 HIGH POC This Week

Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Mojoportal
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-23912 HIGH POC This Week

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti RCE Usg Firmware Usg Pro 4 Firmware Er 10X Firmware +7
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-22794 HIGH POC PATCH This Week

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Activerecord
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-0759 HIGH POC PATCH This Week

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Cockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-0770 HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Gpac Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-0760 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-23626 HIGH POC PATCH This Week

go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Go Bitfield
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-24685 HIGH POC This Week

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-24684 HIGH POC This Week

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-24322 MEDIUM POC THREAT This Month

A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mojoportal
NVD GitHub
CVSS 3.1
6.1
EPSS
31.7%
CVE-2023-22798 MEDIUM POC This Month

Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Adblock Lists
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0624 MEDIUM POC This Month

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Orangescrum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0745 CRITICAL Act Now

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Yugabytedb Managed
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0575 CRITICAL Act Now

External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Microsoft Yugabytedb
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-0574 CRITICAL Act Now

Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Yugabytedb Managed
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-0758 CRITICAL Act Now

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Jfinaloa
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-24690 MEDIUM POC This Month

ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24687 MEDIUM POC This Month

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mojoportal
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-24688 MEDIUM POC This Month

An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mojoportal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-24815 MEDIUM POC PATCH This Month

Vert.x-Web is a set of building blocks for building web applications in the java programming language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Path Traversal Microsoft Vert X Web
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-24686 MEDIUM POC This Month

An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Churchcrm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-21444 HIGH This Week

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Code Injection Flow
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-21443 HIGH This Week

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Code Injection Google Flow
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-22953 HIGH This Week

In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Expressionengine
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-24689 MEDIUM POC This Month

An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mojoportal
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-25168 HIGH PATCH This Week

Wings is Pterodactyl's server control plane. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable.

Information Disclosure Wings
NVD GitHub
CVSS 3.1
8.2
EPSS
1.0%
CVE-2023-21451 HIGH This Week

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21445 HIGH This Week

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21439 HIGH This Week

Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21433 HIGH This Week

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Galaxy Store
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2023-21432 HIGH This Week

Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Smart Things
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21430 HIGH This Week

An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21421 HIGH This Week

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21420 HIGH This Week

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23592 HIGH PATCH This Week

WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Bastion Access Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-23631 HIGH PATCH This Week

github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Unixfsnode
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-23625 HIGH PATCH This Week

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Unixfs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22799 HIGH PATCH This Week

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Globalid
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-22796 HIGH PATCH This Week

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Activesupport
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-22795 HIGH PATCH This Week

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rails Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2023-22792 HIGH PATCH This Week

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rails
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-21419 HIGH This Week

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-21427 MEDIUM This Month

Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22797 MEDIUM PATCH This Month

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Actionpack Rails
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-21434 MEDIUM This Month

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
6.1
EPSS
12.9%
CVE-2023-21446 MEDIUM This Month

Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21442 MEDIUM This Month

Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21441 MEDIUM This Month

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21440 MEDIUM This Month

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21437 MEDIUM This Month

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy