Skip to main content
CVE-2023-27490 HIGH POC PATCH This Week

NextAuth.js is an open source authentication solution for Next.js applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Next Auth
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25573 HIGH POC THREAT This Week

metersphere is an open source continuous testing platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Metersphere
NVD GitHub
CVSS 3.1
7.5
EPSS
49.9%
CVE-2023-26948 HIGH POC This Week

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Onekeyadmin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-27974 HIGH POC This Week

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitwarden
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1293 HIGH This Week

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP SQLi Online Graduate Tracer System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-0623 HIGH This Week

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cscape Envision Rv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0622 HIGH This Week

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cscape Envision Rv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0621 HIGH This Week

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Envision Rv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27986 HIGH PATCH This Week

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Code Injection Emacs
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-27985 HIGH PATCH This Week

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Emacs
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-20049 HIGH This Week

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27483 HIGH PATCH This Week

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Crossplane Runtime
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1288 HIGH This Week

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Enovia Live Collaboration
NVD
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy