Skip to main content
CVE-2023-26493 HIGH POC PATCH This Week

Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Cocos Engine
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2023-28627 HIGH POC PATCH This Week

pymedusa is an automatic video library manager for TV Shows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Medusa
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0955 HIGH POC This Week

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Statistics
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1647 HIGH POC PATCH This Week

Improper Access Control in GitHub repository calcom/cal.com prior to 2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Cal Com
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28430 HIGH POC PATCH This Week

OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues (types: [closed]) (i.e., when an Issue is closed). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection React Native Onesignal
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-0441 HIGH POC This Week

The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Simply Gallery Blocks With Lightbox
NVD WPScan
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-0179 HIGH POC This Week

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Privilege Escalation Linux Integer Overflow RCE +13
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2023-1655 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-24094 HIGH POC This Week

An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Memory Corruption Buffer Overflow Routeros
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-0210 HIGH POC PATCH THREAT This Week

A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Linux Heap Overflow Linux Kernel
NVD GitHub
CVSS 3.1
7.5
EPSS
71.7%
CVE-2023-27296 HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Deserialization Inlong
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-1144 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-1143 HIGH This Week

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1141 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-1139 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-1137 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-1134 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-24837 HIGH This Week

HGiga PowerStation remote management function has insufficient filtering for user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Powerstation Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-25817 HIGH PATCH This Week

Nextcloud server is an open source, personal cloud implementation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-25017 HIGH This Week

RIFARTEK IOT Wall has a vulnerability of incorrect authorization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Iot Wall
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-26547 HIGH This Week

The InputMethod module has a vulnerability of serialization/deserialization mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28596 HIGH This Week

Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meetings
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25908 HIGH PATCH This Week

Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-25874 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25873 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25872 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25871 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25870 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25869 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25868 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25867 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Adobe Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25866 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25865 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Adobe Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25864 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25863 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1078 HIGH PATCH This Week

A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0494 HIGH PATCH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption X Server Fedora +16
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-1654 HIGH PATCH This Week

Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1145 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Deserialization Infrasuite Device Master
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1135 HIGH This Week

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Infrasuite Device Master
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26549 HIGH This Week

The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-26548 HIGH This Week

The pgmng module has a vulnerability in serialization/deserialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-20860 HIGH PATCH This Week

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Framework
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2023-28597 HIGH This Week

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

RCE Rooms Zoom Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-22247 HIGH PATCH This Week

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Code Injection Commerce Magento Open Source
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-1138 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Infrasuite Device Master
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1136 HIGH This Week

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-28867 HIGH PATCH This Week

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Graphql Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25828 HIGH PATCH This Week

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload PHP Pluck
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-24841 HIGH This Week

HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Oaklouds Mailsherlock
NVD
CVSS 3.1
7.2
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy