Skip to main content
CVE-2023-28252 HIGH POC KEV PATCH THREAT Act Now

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
49.0%
CVE-2023-26122 CRITICAL POC Act Now

All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Safe Eval
NVD GitHub
CVSS 3.1
10.0
EPSS
2.1%
CVE-2023-26121 CRITICAL POC Act Now

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Safe Eval
NVD GitHub
CVSS 3.1
10.0
EPSS
1.1%
CVE-2023-21554 CRITICAL POC PATCH THREAT Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Windows 10 1607 Windows 10 1809 Windows 10 20H2 +9
NVD GitHub
CVSS 3.1
9.8
EPSS
95.5%
CVE-2023-1984 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Complaint Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1983 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales Tracker Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27192 CRITICAL POC Act Now

An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Super Security
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-27645 CRITICAL POC Act Now

An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Poweramp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-28231 HIGH POC PATCH THREAT This Week

DHCP Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Heap Overflow Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
8.8
EPSS
36.9%
CVE-2023-22614 HIGH POC This Week

An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-1976 HIGH POC PATCH This Week

Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-28288 HIGH POC PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Microsoft Sharepoint Foundation Sharepoint Server
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
6.2%
CVE-2023-25409 HIGH POC This Week

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pe8108 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-28311 HIGH POC PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Microsoft Heap Overflow 365 Apps +2
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.7%
CVE-2023-28293 HIGH POC PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 +10
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.9%
CVE-2023-28285 HIGH POC PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free RCE Memory Corruption Microsoft 365 Apps +2
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
3.0%
CVE-2023-25413 HIGH POC This Week

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pe8108 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26964 HIGH POC PATCH This Week

An issue was discovered in hyper v0.13.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2 Hyper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-27179 HIGH POC THREAT This Week

GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gdidees Cms
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
60.8%
CVE-2023-26917 HIGH POC This Week

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-27191 HIGH POC This Week

An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Super Security
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25407 HIGH POC This Week

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pe8108 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-1987 HIGH POC This Week

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-1986 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-1985 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0.php?f=save_brand. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-28229 HIGH POC KEV PATCH THREAT This Week

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). Public exploit code available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.0
EPSS
1.9%
CVE-2023-1975 MEDIUM POC PATCH This Month

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1974 MEDIUM POC PATCH This Month

Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23277 MEDIUM POC This Month

Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Snippet Box
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28808 CRITICAL Act Now

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision Authentication Bypass Ds A71024 Firmware Ds A71048 Firmware Ds A71072R Firmware +7
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28250 CRITICAL PATCH Act Now

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-28489 CRITICAL Act Now

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cp 8031 Firmware Cp 8050 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-29492 CRITICAL KEV THREAT Act Now

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Novi Survey
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-28765 CRITICAL Act Now

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
9.8
EPSS
14.9%
CVE-2023-27497 CRITICAL Act Now

Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Microsoft Authentication Bypass Diagnostics Agent
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29576 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24182 MEDIUM POC PATCH This Month

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openwrt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25415 MEDIUM POC This Month

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pe8108 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-25414 MEDIUM POC This Month

Aten PE8108 2.4.232 is vulnerable to denial of service (DOS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pe8108 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-0645 CRITICAL PATCH Act Now

An out of bounds read exists in libjxl. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libjxl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-22613 HIGH This Week

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-28297 HIGH PATCH This Week

Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1607 +9
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-28275 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-28243 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-28240 HIGH PATCH This Week

Windows Network Load Balancing Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows Server 2008 +4
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-24929 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-24928 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-24927 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-24926 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-24925 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.6%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy