Skip to main content
CVE-2023-27159 HIGH POC THREAT Act Now

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.2%.

SSRF Appwrite
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
36.2%
Threat
4.1
CVE-2023-1762 HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1747 HIGH POC This Week

A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-26485 HIGH POC PATCH This Week

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cmark Gfm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-24824 HIGH POC PATCH This Week

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cmark Gfm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26925 HIGH POC This Week

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 882 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-27160 HIGH POC This Week

{id}. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Forem
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-26830 HIGH POC This Week

An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Centrestack
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-28727 HIGH This Week

Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aiseg2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-28726 HIGH This Week

Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aiseg2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28464 HIGH PATCH This Week

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel H300s Firmware H410c Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28877 HIGH This Week

The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apps Graphql
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-0344 HIGH This Week

Akuvox E11 appears to be using a custom version of dropbear SSH server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0343 HIGH This Week

Akuvox E11 contains a function that encrypts messages which are then forwarded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1769 HIGH This Week

A vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Grade Point Average Gpa Calculator
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy