Skip to main content
CVE-2023-29213 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-27755 HIGH POC This Week

go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Go Bbs
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0765 HIGH POC This Week

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Gallery
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2017 HIGH POC PATCH This Week

Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Shopware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-27705 HIGH POC This Week

APNG_Optimizer v1.4 was discovered to contain a buffer overflow via the component /apngopt/ubuntu.png. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Buffer Overflow Apng Optimizer
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-27733 HIGH POC This Week

DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerability via the component /dede/sys_sql_query.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dedecms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-0277 HIGH POC This Week

The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wc Fields Factory
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-30539 HIGH PATCH This Week

Nextcloud is a personal home server system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Files Automated Tagging Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-28983 HIGH This Week

An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Command Injection Junos Os Evolved
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-1109 HIGH This Week

In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Energy Axc Pu Infobox Firmware Smartrtu Axc Sg Firmware Smartrtu Axc Ig Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28960 HIGH This Week

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Docker Junos Os Evolved
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-28966 HIGH This Week

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Os Evolved
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27911 HIGH This Week

A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-27910 HIGH This Week

A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-27909 HIGH This Week

An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-27907 HIGH This Week

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Maya Usd
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27906 HIGH This Week

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Maya Usd
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25010 HIGH This Week

A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Maya Usd
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29197 HIGH PATCH This Week

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Psr 7 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-28982 HIGH This Week

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28976 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28967 HIGH This Week

A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28965 HIGH This Week

An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28964 HIGH This Week

An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1831 HIGH This Week

Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-28971 HIGH This Week

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Paragon Active Assurance
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-28973 HIGH This Week

An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos Os Evolved
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy