Skip to main content
CVE-2023-29017 CRITICAL POC PATCH THREAT Act Now

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Vm2
NVD GitHub
CVSS 3.1
9.8
EPSS
63.2%
CVE-2023-1908 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Mobile Comparison Website
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29421 HIGH POC This Week

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bzip3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1802 HIGH POC This Week

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docker Desktop
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-29420 MEDIUM POC PATCH This Month

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Bzip3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-29419 MEDIUM POC PATCH This Month

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Bzip3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-29418 MEDIUM POC PATCH This Month

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Bzip3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-29417 MEDIUM POC This Month

An issue was discovered in libbzip3.a in bzip3 1.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bzip3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-29416 MEDIUM POC PATCH This Month

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Bzip3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-29415 MEDIUM POC PATCH This Month

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bzip3 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-29475 CRITICAL Act Now

inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Unify Openscape 4000 Manager
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29474 CRITICAL Act Now

inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Unify Openscape 4000 Manager
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29473 CRITICAL Act Now

webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Unify Openscape 4000 Manager
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28500 CRITICAL Act Now

A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Adobe Deserialization Livecycle Es4
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-0580 CRITICAL Act Now

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure My Control System
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-24538 CRITICAL PATCH Act Now

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Google Go
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-0750 CRITICAL Act Now

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yellobrik Pec 1864 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-29465 MEDIUM POC PATCH This Month

SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Flintqs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29008 HIGH PATCH This Week

The SvelteKit framework offers developers an option to create simple REST APIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Google SSRF Apple Authentication Bypass Mozilla +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-23801 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Really Simple Google Tag Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-20655 HIGH This Week

In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-0652 HIGH This Week

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Warp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25542 HIGH This Week

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Trusted Device Agent
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24537 HIGH PATCH This Week

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Go
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-24536 HIGH PATCH This Week

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Go
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-24534 HIGH PATCH This Week

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-1912 HIGH PATCH This Week

The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Limit Login Attempts
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2023-26083 LOW POC KEV THREAT Monitor

Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 5th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel Driver Midgard Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
3.3
EPSS
1.4%
CVE-2023-28046 HIGH PATCH This Week

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Dell Display Manager
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-20682 MEDIUM This Month

In wlan, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android Yocto +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20681 MEDIUM This Month

In adsp, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20680 MEDIUM This Month

In adsp, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20670 MEDIUM This Month

In audio, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20666 MEDIUM This Month

In display drm, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20664 MEDIUM This Month

In gz, there is a possible double free due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20663 MEDIUM This Month

In wlan, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android Yocto +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20662 MEDIUM This Month

In wlan, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android Yocto +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20661 MEDIUM This Month

In wlan, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android Yocto +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20659 MEDIUM This Month

In wlan, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Yocto +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20658 MEDIUM This Month

In isp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20657 MEDIUM This Month

In mtee, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20656 MEDIUM This Month

In geniezone, there is a possible out of bounds write due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20654 MEDIUM This Month

In keyinstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20653 MEDIUM This Month

In keyinstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20652 MEDIUM This Month

In keyinstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-29010 MEDIUM PATCH This Month

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Budibase
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20687 MEDIUM This Month

In display drm, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20686 MEDIUM This Month

In display drm, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20685 MEDIUM This Month

In vdec, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20684 MEDIUM This Month

In vdec, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy