Skip to main content
CVE-2023-26864 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smplredirectionsmanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1177 CRITICAL POC PATCH THREAT Act Now

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
9.8
EPSS
69.5%
CVE-2023-27042 HIGH POC This Week

Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28446 HIGH POC PATCH This Week

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Deno
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-25350 HIGH POC This Week

Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Faveo Helpdesk
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-20958 HIGH POC This Week

In read_paint of ttcolr.c, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-24625 MEDIUM POC This Month

Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Faveo Servicedesk
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-28435 MEDIUM POC This Month

Dataease is an open source data visualization and analysis tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dataease
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45597 CRITICAL Act Now

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saml
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23149 CRITICAL Act Now

DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dek 1705 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28150 CRITICAL Act Now

An issue was discovered in Independentsoft JODF before 1.1.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jodf
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28151 CRITICAL Act Now

An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jspreadsheet
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-21058 CRITICAL Act Now

In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-21057 CRITICAL Act Now

In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-20954 CRITICAL PATCH Act Now

In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-20951 CRITICAL PATCH Act Now

In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-28152 CRITICAL Act Now

An issue was discovered in Independentsoft JWord before 1.1.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jword
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28445 CRITICAL PATCH Act Now

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Deno Deno Runtime Serde V8
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-28443 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Directus
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27242 MEDIUM POC This Month

SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Loan Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1616 MEDIUM POC This Month

A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teacms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-20960 HIGH This Week

In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-21068 HIGH This Week

In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21041 HIGH This Week

In append_to_params of param_util.c, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21040 HIGH This Week

In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21035 HIGH PATCH This Week

In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21034 HIGH PATCH This Week

In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21030 HIGH PATCH This Week

In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21024 HIGH PATCH This Week

In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21022 HIGH PATCH This Week

In BufferBlock of Suballocation.cpp, there is a possible out of bounds write due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21021 HIGH PATCH This Week

In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21017 HIGH PATCH This Week

In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21015 HIGH This Week

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21005 HIGH PATCH This Week

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21004 HIGH This Week

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21003 HIGH PATCH This Week

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21002 HIGH This Week

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21001 HIGH PATCH This Week

In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21000 HIGH PATCH This Week

In MediaCodec.cpp, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20995 HIGH This Week

In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20993 HIGH This Week

In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20985 HIGH This Week

In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20975 HIGH This Week

In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20971 HIGH This Week

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20966 HIGH This Week

In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20964 HIGH This Week

In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20963 HIGH KEV PATCH THREAT This Week

In WorkSource, there is a possible parcel mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-20959 HIGH This Week

In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20957 HIGH PATCH This Week

In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20955 HIGH PATCH This Week

In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy