Skip to main content
CVE-2023-29421 HIGH POC This Week

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bzip3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1802 HIGH POC This Week

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docker Desktop
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-29008 HIGH PATCH This Week

The SvelteKit framework offers developers an option to create simple REST APIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Google SSRF Apple Authentication Bypass Mozilla +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-23801 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Really Simple Google Tag Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-20655 HIGH This Week

In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-0652 HIGH This Week

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Warp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25542 HIGH This Week

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Trusted Device Agent
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24537 HIGH PATCH This Week

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Go
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-24536 HIGH PATCH This Week

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Go
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-24534 HIGH PATCH This Week

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-1912 HIGH PATCH This Week

The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Limit Login Attempts
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2023-28046 HIGH PATCH This Week

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Dell Display Manager
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy