Skip to main content
CVE-2023-24323 HIGH POC This Week

Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Mojoportal
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-23912 HIGH POC This Week

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti RCE Usg Firmware Usg Pro 4 Firmware Er 10X Firmware +7
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-22794 HIGH POC PATCH This Week

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Activerecord
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-0759 HIGH POC PATCH This Week

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Cockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-0770 HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Gpac Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-0760 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-23626 HIGH POC PATCH This Week

go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Go Bitfield
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-24685 HIGH POC This Week

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-24684 HIGH POC This Week

ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-21444 HIGH This Week

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Code Injection Flow
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-21443 HIGH This Week

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Code Injection Google Flow
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-22953 HIGH This Week

In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Expressionengine
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-25168 HIGH PATCH This Week

Wings is Pterodactyl's server control plane. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable.

Information Disclosure Wings
NVD GitHub
CVSS 3.1
8.2
EPSS
1.0%
CVE-2023-21451 HIGH This Week

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21445 HIGH This Week

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21439 HIGH This Week

Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21433 HIGH This Week

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Galaxy Store
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2023-21432 HIGH This Week

Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Smart Things
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21430 HIGH This Week

An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21421 HIGH This Week

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21420 HIGH This Week

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23592 HIGH PATCH This Week

WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Bastion Access Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-23631 HIGH PATCH This Week

github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Unixfsnode
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-23625 HIGH PATCH This Week

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Unixfs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22799 HIGH PATCH This Week

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Globalid
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-22796 HIGH PATCH This Week

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Activesupport
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-22795 HIGH PATCH This Week

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rails Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2023-22792 HIGH PATCH This Week

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rails
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-21419 HIGH This Week

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy