Skip to main content
CVE-2023-29084 HIGH POC THREAT Act Now

Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zoho Manageengine Admanager Plus
NVD GitHub
CVSS 3.1
7.2
EPSS
98.4%
CVE-2023-27779 CRITICAL POC Act Now

AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Am Presencia
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27748 CRITICAL POC Act Now

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Dr750 2Ch Lte Firmware Dr750 2Ch Ir Lte Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27746 CRITICAL POC Act Now

BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dr750 2Ch Lte Firmware Dr750 2Ch Ir Lte Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-29598 CRITICAL POC Act Now

lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lmxcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27812 CRITICAL POC Act Now

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bloofoxcms
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-22951 HIGH POC This Week

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cloud Tigergraph Enterprise
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-29597 HIGH POC This Week

bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-24509 HIGH POC This Week

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Eos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30637 HIGH POC This Week

Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Braft
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-30636 HIGH POC This Week

TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error, with RpcStatus UNAVAILABLE for "not leader") upon an attempt to start a node in a situation where the context deadline is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tikv
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-30635 HIGH POC This Week

TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get a timestamp from the Placement Driver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tikv
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27747 HIGH POC This Week

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dr750 2Ch Lte Firmware Dr750 2Ch Ir Lte Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-27772 HIGH POC PATCH This Week

libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libiec61850
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-30630 HIGH POC PATCH This Week

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Dmidecode
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-22950 MEDIUM POC This Month

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tigergraph
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-27667 CRITICAL Act Now

Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Auto Dealer Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29573 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2021 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22948 MEDIUM POC This Month

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tigergraph
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-2014 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1326 HIGH PATCH This Week

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Apport Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-26416 HIGH This Week

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26415 HIGH This Week

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26414 HIGH This Week

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26413 HIGH This Week

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26412 HIGH This Week

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Adobe RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26411 HIGH This Week

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26410 HIGH This Week

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26409 HIGH This Week

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26398 HIGH This Week

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21630 HIGH PATCH This Week

Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Qca6391 Firmware Qca6574 Firmware Qca6574a Firmware +39
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20118 HIGH KEV THREAT This Week

A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
54.1%
CVE-2023-20866 MEDIUM PATCH This Month

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Session
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-20863 MEDIUM PATCH This Month

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-26264 MEDIUM This Month

All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Data Catalog
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26263 MEDIUM This Month

All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Data Catalog
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25954 MEDIUM This Month

KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mobile Print
NVD
CVSS 3.1
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy