Skip to main content
CVE-2023-24552 HIGH This Week

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Solid Edge Se2022 Solid Edge Se2023
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24551 HIGH This Week

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Solid Edge Se2023
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24550 HIGH This Week

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Solid Edge Se2023
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24549 HIGH This Week

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Solid Edge Se2023
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21553 HIGH PATCH This Week

Azure DevOps Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Azure Devops Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-25577 HIGH PATCH This Week

Werkzeug is a comprehensive WSGI web application library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Werkzeug
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-23946 HIGH PATCH This Week

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Git
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-21819 HIGH PATCH This Week

Windows Secure Channel Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1809 +6
NVD
CVSS 3.1
7.5
EPSS
30.8%
CVE-2023-21818 HIGH PATCH This Week

Windows Secure Channel Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.5
EPSS
43.2%
CVE-2023-21816 HIGH PATCH This Week

Windows Active Directory Domain Services API Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-21813 HIGH PATCH This Week

Windows Secure Channel Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-21811 HIGH PATCH This Week

Windows iSCSI Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-21702 HIGH PATCH This Week

Windows iSCSI Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 +12
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-21701 HIGH PATCH This Week

Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-21700 HIGH PATCH This Week

Windows iSCSI Discovery Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-21691 HIGH PATCH This Week

Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-25567 HIGH PATCH This Week

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Gss Ntlmssp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25566 HIGH PATCH This Week

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Gss Ntlmssp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25565 HIGH PATCH This Week

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Gss Ntlmssp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25563 HIGH PATCH This Week

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Gss Ntlmssp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22941 HIGH This Week

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Denial Of Service Splunk Cloud Platform
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25576 HIGH PATCH This Week

@fastify/multipart is a Fastify plugin to parse the multipart content-type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Fastify Multipart
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-25141 HIGH PATCH This Week

Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Sling Jcr Base
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-23835 HIGH This Week

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mendix
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21820 HIGH PATCH This Week

Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity.

Buffer Overflow RCE Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2023-22743 HIGH PATCH This Week

Git for Windows is the Windows port of the revision control system Git. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Microsoft Git For Windows
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2023-21715 HIGH KEV PATCH THREAT This Week

Microsoft Publisher Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass 365 Apps
NVD
CVSS 3.1
7.3
EPSS
12.1%
CVE-2023-21568 HIGH PATCH This Week

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sql Server 2019 Integration Services Sql Server 2022 Integration Services
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2023-21710 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
7.2
EPSS
7.9%
CVE-2023-21703 HIGH PATCH This Week

Azure Data Box Gateway Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Azure Data Box Gateway Azure Stack Edge
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-21564 HIGH PATCH This Week

Azure DevOps Server Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Devops Server
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-0020 HIGH This Week

SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-21694 MEDIUM PATCH This Month

Windows Fax Service Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 +12
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-0814 MEDIUM PATCH This Month

The Profile Builder - User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Profile Builder
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-23382 MEDIUM PATCH This Month

Azure Machine Learning Compute Instance Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Azure Machine Learning
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2023-21807 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-21721 MEDIUM PATCH This Month

Microsoft OneNote Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Onenote
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-21572 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24528 MEDIUM This Month

SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass Fiori
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-24524 MEDIUM This Month

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass S 4Hana
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-0019 MEDIUM This Month

In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Grc Process Control
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22936 MEDIUM This Month

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk SSRF Splunk Cloud Platform
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-22932 MEDIUM This Month

In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk XSS Splunk Cloud Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25614 MEDIUM This Month

SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24529 MEDIUM This Month

Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24522 MEDIUM This Month

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24521 MEDIUM This Month

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23860 MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23859 MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23858 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy