Skip to main content
CVE-2023-26817 HIGH POC This Week

codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Codefever
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-27180 HIGH POC This Week

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure PHP Gdidees Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-26820 HIGH POC This Week

siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Siteproxy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-28051 HIGH This Week

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Power Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28710 HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Apache Airflow Providers Apache Spark
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-28707 HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Apache Drill
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-27876 HIGH PATCH This Week

IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Tririga Application Platform
NVD
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy