Skip to main content
CVE-2023-27486 HIGH POC PATCH This Week

xCAT is a toolkit for deployment and administration of computer clusters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xcat
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-27088 HIGH POC This Week

feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Feiqu Opensource
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-1277 HIGH POC This Week

A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Command Injection Kylin System Updater
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2023-26956 HIGH POC This Week

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Onekeyadmin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-1276 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SUL1SS_shop.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sul1Ss Shop
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-23760 HIGH This Week

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0089 HIGH This Week

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Enterprise Protection
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-22891 HIGH This Week

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Zephyr Enterprise
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-0030 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22892 HIGH This Week

There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zephyr Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22890 HIGH This Week

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service Zephyr Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24533 HIGH PATCH This Week

Multiplication of certain unreduced P-256 scalars produce incorrect results. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nistec
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27476 HIGH PATCH This Week

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Python XXE Owslib
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy