Skip to main content
CVE-2023-0386 HIGH POC KEV PATCH THREAT Act Now

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Debian Linux H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
7.8
EPSS
7.9%
CVE-2023-28663 HIGH POC This Week

The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdf_export_file action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Formidable Pro2Pdf
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28661 HIGH POC This Week

The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Popup Banners
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28660 HIGH POC This Week

The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Events Made Easy
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28659 HIGH POC This Week

The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Waiting
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28434 HIGH POC KEV PATCH THREAT This Week

Minio is a Multi-Cloud Object Storage framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
6.7%
CVE-2023-1578 HIGH POC PATCH THREAT This Week

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
65.1%
CVE-2023-28432 HIGH POC KEV THREAT This Week

Minio is a Multi-Cloud Object Storage framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Minio
NVD GitHub
CVSS 3.1
7.5
EPSS
84.0%
CVE-2023-1436 HIGH POC PATCH This Week

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jettison
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1370 HIGH POC PATCH This Week

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Json Smart
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-27856 HIGH POC THREAT This Week

In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Path Traversal Thinmanager
NVD
CVSS 3.1
7.5
EPSS
76.1%
CVE-2023-1559 HIGH POC This Week

A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Storage Unit Rental Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-28433 HIGH PATCH This Week

Minio is a Multi-Cloud Object Storage framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Microsoft Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25924 HIGH PATCH This Week

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-25594 HIGH This Week

A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25069 HIGH This Week

TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Txone Stellarone
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1168 HIGH This Week

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Arubaos Cx
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-28438 HIGH PATCH This Week

Pimcore is an open source data and experience management platform. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

CSRF SQLi Pimcore
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2023-25820 HIGH PATCH This Week

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26426 HIGH This Week

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26358 HIGH This Week

Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Creative Cloud
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25861 HIGH This Week

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25860 HIGH This Week

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25859 HIGH This Week

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1281 HIGH PATCH This Week

Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Privilege Escalation Linux Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25590 HIGH This Week

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Clearpass Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28431 HIGH PATCH This Week

Frontier is an Ethereum compatibility layer for Substrate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frontier
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-28119 HIGH PATCH This Week

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Saml
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-0464 HIGH PATCH This Week

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2023-27857 HIGH This Week

In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rockwell Thinmanager
NVD
CVSS 3.1
7.5
EPSS
18.3%
CVE-2023-28685 HIGH This Week

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Absint A3
NVD
CVSS 3.1
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy