Skip to main content
CVE-2023-22855 CRITICAL POC THREAT Act Now

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Kardex Control Center
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
14.8%
CVE-2023-0841 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-0850 HIGH POC This Week

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Denial Of Service Wndr3700 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25578 HIGH POC PATCH This Week

Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Starlite
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-0361 HIGH POC PATCH This Week

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gnutls Enterprise Linux Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.4
EPSS
1.4%
CVE-2023-25765 CRITICAL PATCH Act Now

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Email Extension
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2023-0849 CRITICAL Act Now

A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Wndr3700 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-23462 CRITICAL Act Now

Libpeconv - integer overflow, before commit 75b1565 (30/11/2022). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Libpeconv
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23461 CRITICAL Act Now

Libpeconv - access violation, before commit b076013 (30/11/2022). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libpeconv
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23460 CRITICAL Act Now

Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Priority
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23459 CRITICAL Act Now

Priority Windows may allow Command Execution via SQL Injection using an unspecified method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SQLi Priority
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-22807 CRITICAL Act Now

LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xbc Dn32U Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-22804 CRITICAL Act Now

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xbc Dn32U Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-25156 CRITICAL PATCH Act Now

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Kiwi Tcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0102 CRITICAL Act Now

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xbc Dn32U Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-23465 HIGH This Week

Media CP Media Control Panel latest version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Media Control Panel
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25767 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Microsoft CSRF Azure Credentials
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25011 HIGH This Week

PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Pc Settings Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20927 HIGH This Week

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22368 HIGH PATCH This Week

Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Camera Assistant Quickfiledealer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0848 HIGH This Week

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Denial Of Service Wndr3700 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-24498 HIGH This Week

An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prosafe Fs726Tp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23466 HIGH This Week

Media CP Media Control Panel latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Media Control Panel
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-23464 HIGH This Week

Media CP Media Control Panel latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Information Disclosure Media Control Panel
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-23463 HIGH This Week

Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sn Xvr3804E1 Firmware Sn Xvr3808E2 Firmware Sn Adr3804E1 Firmware Sn Adr3808E1 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-22806 HIGH This Week

LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xbc Dn32U Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-22803 HIGH This Week

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xbc Dn32U Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0103 HIGH This Week

If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xbc Dn32U Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-25191 HIGH This Week

AMI MegaRAC SPX devices allow Password Disclosure through Redfish. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24580 HIGH PATCH This Week

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Django Debian Linux
NVD
CVSS 3.1
7.5
EPSS
62.6%
CVE-2023-22377 HIGH This Week

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Tsclinical Define Xml Generator Tsclinical Metadata Desktop Tools
NVD GitHub
CVSS 3.1
7.4
EPSS
0.7%
CVE-2023-23836 HIGH This Week

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
7.2
EPSS
80.3%
CVE-2023-23458 MEDIUM This Month

Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sn Xvr3804E1 Firmware Sn Xvr3808E2 Firmware Sn Adr3804E1 Firmware Sn Adr3808E1 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25768 MEDIUM PATCH This Month

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Authentication Bypass Azure Credentials
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23467 MEDIUM This Month

Media CP Media Control Panel latest version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Media Control Panel
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25171 MEDIUM PATCH This Month

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Kiwi Tcms
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-20949 MEDIUM This Month

In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-25764 MEDIUM PATCH This Month

Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Email Extension
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25763 MEDIUM PATCH This Month

Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Email Extension
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25762 MEDIUM PATCH This Month

Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Pipeline
NVD
CVSS 3.1
5.4
EPSS
81.4%
CVE-2023-25761 MEDIUM PATCH This Month

Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Junit
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0840 MEDIUM This Month

A vulnerability classified as problematic was found in PHPCrazy 1.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Phpcrazy
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25192 MEDIUM This Month

AMI MegaRAC SPX devices allow User Enumeration through Redfish. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-24499 MEDIUM This Month

Butterfly Button plugin may leave traces of its use on user's device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Butterfly Button
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-23850 MEDIUM PATCH This Month

A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Synopsys Coverity
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-23848 MEDIUM PATCH This Month

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Synopsys Coverity
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-22805 MEDIUM This Month

LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xbc Dn32U Firmware
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-25766 MEDIUM PATCH This Month

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Authentication Bypass Azure Credentials
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-23847 LOW PATCH Monitor

A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins CSRF Synopsys Coverity
NVD
CVSS 3.1
3.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy