Skip to main content
CVE-2023-21529 HIGH POC KEV PATCH THREAT Act Now

Remote code execution in Microsoft Exchange Server 2013, 2016, and 2019 allows authenticated attackers to execute arbitrary code on the server via insecure deserialization of untrusted data (CWE-502). The vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, and carries an EPSS score of 36.68% (97th percentile), placing it among the highest-risk vulnerabilities. Successful exploitation yields full compromise of confidentiality, integrity, and availability on the targeted Exchange Server.

RCE Microsoft Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
36.7%
Threat
5.9
CVE-2023-22629 HIGH POC THREAT This Week

An issue was discovered in TitanFTP through 1.94.1205. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Ftp Server
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
12.3%
CVE-2023-22934 HIGH POC This Week

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2023-24187 HIGH POC This Week

An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XXE Ureport
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-21799 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-21798 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-21797 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-21717 HIGH PATCH This Week

Microsoft SharePoint Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-21713 HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sql Server
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-21707 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.8
EPSS
82.0%
CVE-2023-21706 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2023-21705 HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sql Server
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-21695 HIGH PATCH This Week

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 +12
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-21686 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-21685 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-21684 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-22939 HIGH This Week

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-22935 HIGH This Week

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-25149 HIGH PATCH This Week

TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Authentication Bypass Timescaledb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-25065 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs - Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Tabs
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24382 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Material Design Icons For Page Builders
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25066 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Fv Flowplayer Video Player
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24523 HIGH This Week

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Command Injection Host Agent
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-22375 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cs Wmv02G Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-21777 HIGH PATCH This Week

Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Azure App Service On Azure Stack
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2023-23374 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

RCE Google Microsoft Edge Chromium
NVD
CVSS 3.1
8.3
EPSS
1.1%
CVE-2023-21806 HIGH PATCH This Week

Power BI Report Server Spoofing Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Power Bi Report Server
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2023-25564 HIGH PATCH This Week

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Denial Of Service Gss Ntlmssp
NVD GitHub
CVSS 3.1
8.2
EPSS
1.9%
CVE-2023-21778 HIGH PATCH This Week

Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft Dynamics 365
NVD
CVSS 3.1
8.0
EPSS
1.0%
CVE-2023-23618 HIGH PATCH This Week

Git for Windows is the Windows port of the revision control system Git. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Git For Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-23381 HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Heap Overflow Visual Studio 2017 Visual Studio 2019 +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21823 HIGH KEV PATCH THREAT This Week

Windows Graphics Component Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2023-21815 HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow RCE Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-21808 HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Net Visual Studio 2017 +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-21566 HIGH PATCH This Week

Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-23390 HIGH PATCH This Week

3D Builder Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow 3D Builder
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-23379 HIGH PATCH This Week

Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Defender For Iot
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-23378 HIGH PATCH This Week

Print 3D Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Print 3D
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-23377 HIGH PATCH This Week

3D Builder Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow 3D Builder
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-23376 HIGH KEV PATCH THREAT This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
10.9%
CVE-2023-21822 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 +12
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-21817 HIGH PATCH This Week

Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Windows 10 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-21812 HIGH PATCH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2023-21809 HIGH PATCH This Week

Microsoft Defender for Endpoint Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Defender Security Intelligence Updates
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-21805 HIGH PATCH This Week

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-21804 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21802 HIGH PATCH This Week

Windows Media Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-21801 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21800 HIGH PATCH This Week

Windows Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Server 2008
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-21718 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Sql Server
NVD
CVSS 3.1
7.8
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy