Skip to main content
CVE-2023-25222 HIGH POC This Week

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1105 HIGH POC PATCH This Week

External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Flatpress
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-1127 HIGH POC PATCH This Week

Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-25221 HIGH POC This Week

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3855 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Port Mys
NVD VulDB
CVSS 3.1
8.8
EPSS
5.0%
CVE-2022-45608 HIGH This Week

An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thingsboard
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0953 HIGH This Week

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Devolutions Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0951 HIGH This Week

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0847 HIGH This Week

The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Dash7 Alliance Protcol
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-26281 HIGH PATCH This Week

IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Http Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-20014 HIGH This Week

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nexus Dashboard
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-0460 HIGH This Week

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Youtube Android Player Api
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-22770 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22769 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22768 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22767 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22766 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22765 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22764 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22763 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22762 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22761 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22760 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22759 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22758 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-20009 HIGH This Week

A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Email Security Appliance Secure Email And Web Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy