Skip to main content
CVE-2023-0480 HIGH POC This Week

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Vitalpbx
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-29003 HIGH POC PATCH This Week

SvelteKit is a web development framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass CSRF Sveltekit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0265 HIGH POC This Week

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Community Skeleton
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-25356 HIGH POC This Week

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Sipxcom
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-25355 HIGH POC This Week

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sipxcom
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-28840 HIGH POC PATCH This Week

Moby is an open source container framework developed by Docker Inc. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Linux Docker Moby
NVD GitHub
CVSS 3.1
8.7
EPSS
2.7%
CVE-2023-0835 HIGH POC This Week

markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Markdown Pdf
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-27089 HIGH POC This Week

Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XSS Ehuacui Bbs
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-27771 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Creative Centerr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27770 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edraw Max
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-27769 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pdf Reader
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27768 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pdfelement
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27767 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dr Fone
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27766 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anireel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27765 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Recoverit
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27764 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Repairit
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27763 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mobiletrans
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27762 HIGH POC This Week

An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Democreator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27761 HIGH POC This Week

An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uniconverter
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27760 HIGH POC This Week

An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execute arbitrary commands via the filmora_setup_full846.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filmora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27759 HIGH POC This Week

An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Edrawmind
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26991 HIGH POC This Week

SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26733 HIGH POC This Week

Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tinytiff
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27496 HIGH POC This Week

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-26976 HIGH POC THREAT This Week

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
15.9%
CVE-2023-26855 HIGH POC This Week

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27091 HIGH POC This Week

An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teacms
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-25305 HIGH POC PATCH This Week

PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Polymc
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-25303 HIGH POC This Week

ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlauncher
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-1820 HIGH This Week

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1818 HIGH This Week

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1815 HIGH This Week

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1812 HIGH This Week

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1811 HIGH This Week

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1810 HIGH This Week

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29323 HIGH PATCH This Week

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Opensmtpd Openbsd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26775 HIGH This Week

File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload PHP Monitorr
NVD GitHub
CVSS 3.1
7.8
EPSS
49.4%
CVE-2023-25941 HIGH PATCH This Week

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Denial Of Service Dell Emc Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25940 HIGH PATCH This Week

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-1750 HIGH This Week

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy