Skip to main content
CVE-2023-22973 HIGH POC PATCH This Week

A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Openemr
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-0966 HIGH POC This Week

A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Eyewear Shop
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0962 HIGH POC This Week

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Music Gallery Site
NVD GitHub VulDB Exploit-DB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22974 HIGH POC PATCH This Week

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure PHP Openemr
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-23063 HIGH POC This Week

Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nvt Web Server
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-26314 HIGH This Week

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Debian RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-0941 HIGH This Week

Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0933 HIGH This Week

Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0932 HIGH This Week

Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Microsoft Memory Corruption +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0931 HIGH This Week

Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0930 HIGH This Week

Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0929 HIGH This Week

Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0928 HIGH This Week

Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0927 HIGH This Week

Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-20855 HIGH PATCH This Week

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

XXE VMware Vrealize Automation Vrealize Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-0964 HIGH This Week

A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP SQLi Sales Tracker Management System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-0104 HIGH This Week

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easybuilder Pro
NVD
CVSS 3.1
7.8
EPSS
21.8%
CVE-2023-25579 HIGH PATCH This Week

Nextcloud server is a self hosted home cloud product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-23040 HIGH PATCH This Week

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure TP-Link Tl Wr940n Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20858 HIGH PATCH This Week

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection VMware Carbon Black App Control
NVD
CVSS 3.1
7.2
EPSS
16.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy