Skip to main content
CVE-2023-26984 HIGH POC This Week

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Peppermint
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-1680 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61.html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xunruicms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1683 HIGH POC This Week

A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xunruicms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1682 HIGH POC This Week

A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xunruicms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-1685 HIGH POC This Week

A vulnerability was found in HadSky up to 7.11.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Hadsky
NVD VulDB
CVSS 3.1
7.2
EPSS
4.1%
CVE-2023-1509 HIGH This Week

The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress CSRF Gmace
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-28508 HIGH This Week

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Unidata Universe
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28506 HIGH This Week

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Unidata Universe
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28505 HIGH This Week

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Unidata Universe
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-23861 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce plugin <= 1.5.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gmace
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-0664 HIGH PATCH This Week

A flaw was found in the QEMU Guest Agent service for Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28642 HIGH PATCH This Week

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Runc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28892 HIGH This Week

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Adwcleaner
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-0213 HIGH This Week

Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft M Files
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28509 HIGH This Week

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unidata Universe
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-0836 HIGH This Week

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-1656 HIGH This Week

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Apple Microsoft Ldap Connector
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23355 HIGH This Week

An OS command injection vulnerability has been reported to affect QNAP operating systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr Qts Quts Hero +8
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-1652 HIGH PATCH This Week

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Linux Linux Kernel +1
NVD
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy