Skip to main content
CVE-2023-25266 HIGH POC This Week

An issue was discovered in Docmosis Tornado prior to version 2.9.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Tornado
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-20937 HIGH POC PATCH This Week

In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Google Use After Free Privilege Escalation Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26256 HIGH POC THREAT This Week

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlassian Stagil Navigation
NVD GitHub
CVSS 3.1
7.5
EPSS
11.6%
CVE-2023-26255 HIGH POC THREAT This Week

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlassian Stagil Navigation
NVD GitHub
CVSS 3.1
7.5
EPSS
47.9%
CVE-2023-25265 HIGH POC This Week

Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tornado
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-25264 HIGH POC This Week

An issue was discovered in Docmosis Tornado prior to version 2.9.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tornado
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26105 HIGH POC This Week

All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Utilities
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-27320 HIGH POC This Week

Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sudo Fedora
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-25432 HIGH POC This Week

An issue was discovered in Online Reviewer Management System v1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Reviewer Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-24419 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Formidable Form Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1017 HIGH This Week

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Trusted Platform Module +11
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2023-20945 HIGH PATCH This Week

In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20944 HIGH PATCH This Week

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Privilege Escalation Google Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20943 HIGH PATCH This Week

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Path Traversal Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20940 HIGH PATCH This Week

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Jwt Attack Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20939 HIGH PATCH This Week

In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20938 HIGH PATCH This Week

In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-20934 HIGH PATCH This Week

In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20933 HIGH PATCH This Week

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0461 HIGH PATCH This Week

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-22995 HIGH PATCH This Week

In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23689 HIGH PATCH This Week

Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dell A200 Firmware A2000 Firmware H400 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20948 HIGH PATCH This Week

In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-25540 HIGH PATCH This Week

Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Dell Emc Powerscale Onefs
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy