Skip to main content
CVE-2023-27569 CRITICAL POC Act Now

The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eo Tags
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1537 CRITICAL POC PATCH Act Now

Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Answer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1306 HIGH POC This Week

An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection Insightappsec Insightcloudsec
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-1304 HIGH POC This Week

An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Insightappsec Insightcloudsec
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-27842 HIGH POC This Week

Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Extplorer
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-1543 HIGH POC PATCH This Week

Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0391 HIGH POC This Week

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cloudpanel
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-1305 HIGH POC This Week

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insightappsec Insightcloudsec
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-24709 HIGH POC THREAT This Week

An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Denial Of Service Ipr512 Firmware
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
44.2%
CVE-2023-27087 HIGH POC This Week

Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xxl Job
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1545 HIGH POC PATCH This Week

SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Teampass
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
8.4%
CVE-2023-1153 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Pacsrapor
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-26497 CRITICAL Act Now

An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos Modem 5300 Firmware Exynos Modem 5123 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
24.3%
CVE-2023-1529 CRITICAL Act Now

Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Fedora
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25684 CRITICAL PATCH Act Now

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27570 CRITICAL PATCH Act Now

The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Eo Tags
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1542 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-1536 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1535 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1527 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Corebos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1540 MEDIUM POC PATCH This Month

Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1539 MEDIUM POC PATCH This Month

Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1538 MEDIUM POC PATCH This Month

Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1462 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse.03.20. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Digikent
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1534 HIGH This Week

Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-1533 HIGH This Week

Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1532 HIGH This Week

Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-1531 HIGH This Week

Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2023-1530 HIGH This Week

Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1528 HIGH This Week

Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27874 HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Aspera Faspex
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-27984 HIGH PATCH This Week

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-27981 HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-27982 HIGH PATCH This Week

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-27980 HIGH PATCH This Week

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Authentication Bypass Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1314 HIGH PATCH This Week

A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Cloudflared
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27978 HIGH PATCH This Week

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Deserialization Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
7.8
EPSS
6.5%
CVE-2023-1541 LOW POC PATCH Monitor

Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
3.8
EPSS
0.6%
CVE-2023-25923 HIGH PATCH This Week

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27871 HIGH PATCH This Week

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-25134 MEDIUM This Month

McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Total Protection
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-27873 MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-27979 MEDIUM PATCH This Month

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-1154 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS.22. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pacsrapor
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-25686 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1262 MEDIUM This Month

Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wireless Smart Ubiquitous Network Linux Border Router Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-1261 MEDIUM This Month

Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wi Sun Software Development Kit
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-25689 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-27983 MEDIUM PATCH This Month

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-27977 MEDIUM PATCH This Month

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
5.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy