Skip to main content
CVE-2023-0841 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-0850 HIGH POC This Week

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Denial Of Service Wndr3700 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25578 HIGH POC PATCH This Week

Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Starlite
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-0361 HIGH POC PATCH This Week

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gnutls Enterprise Linux Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.4
EPSS
1.4%
CVE-2023-23465 HIGH This Week

Media CP Media Control Panel latest version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Media Control Panel
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25767 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Microsoft CSRF Azure Credentials
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25011 HIGH This Week

PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Pc Settings Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20927 HIGH This Week

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22368 HIGH PATCH This Week

Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Camera Assistant Quickfiledealer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0848 HIGH This Week

A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Denial Of Service Wndr3700 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-24498 HIGH This Week

An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prosafe Fs726Tp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23466 HIGH This Week

Media CP Media Control Panel latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Media Control Panel
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-23464 HIGH This Week

Media CP Media Control Panel latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Information Disclosure Media Control Panel
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-23463 HIGH This Week

Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sn Xvr3804E1 Firmware Sn Xvr3808E2 Firmware Sn Adr3804E1 Firmware Sn Adr3808E1 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-22806 HIGH This Week

LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xbc Dn32U Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-22803 HIGH This Week

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xbc Dn32U Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0103 HIGH This Week

If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xbc Dn32U Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-25191 HIGH This Week

AMI MegaRAC SPX devices allow Password Disclosure through Redfish. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24580 HIGH PATCH This Week

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Django Debian Linux
NVD
CVSS 3.1
7.5
EPSS
62.6%
CVE-2023-22377 HIGH This Week

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Tsclinical Define Xml Generator Tsclinical Metadata Desktop Tools
NVD GitHub
CVSS 3.1
7.4
EPSS
0.7%
CVE-2023-23836 HIGH This Week

SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
7.2
EPSS
80.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy