Skip to main content
CVE-2023-29887 HIGH POC This Week

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Spreadsheet Reader
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2023-21931 HIGH POC PATCH THREAT This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Weblogic Server
NVD GitHub
CVSS 3.1
7.5
EPSS
82.3%
CVE-2023-29855 HIGH POC This Week

WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Wbce Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-2154 HIGH POC This Week

A vulnerability was found in SourceCodester Task Reminder System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Task Reminder System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-2150 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Task Reminder System 1.0.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Task Reminder System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-29410 HIGH PATCH This Week

A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Insighthome Firmware Insightfacility Firmware Conext Gateway Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28003 HIGH This Week

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Power Monitoring Expert
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25547 HIGH This Week

A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Struxureware Data Center Expert
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-22294 HIGH This Week

Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25556 HIGH This Week

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Merten Instabus Tastermodul 1Fach System M Firmware Merten Instabus Tastermodul 2Fach System M Firmware Merten Tasterschnittstelle 4Fach Plus Firmware Merten Knx Argus 180 2 20M Up System Firmware +3
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-27976 HIGH This Week

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Ecostruxure Control Expert
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-21923 HIGH PATCH This Week

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Authentication Bypass Health Sciences Inform
NVD
CVSS 3.1
8.3
EPSS
0.6%
CVE-2023-21990 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oracle Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-25555 HIGH This Week

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Struxureware Data Center Expert
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-25552 HIGH This Week

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Struxureware Data Center Expert
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-25554 HIGH This Week

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Struxureware Data Center Expert
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-21987 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Oracle Vm Virtualbox
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-21948 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Oracle Information Disclosure Solaris
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21985 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

Oracle Authentication Bypass Solaris
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2023-30608 HIGH PATCH This Week

sqlparse is a non-validating SQL parser module for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Sqlparse Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-29413 HIGH PATCH This Week

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Authentication Bypass Apc Easy Ups Online Monitoring Software Easy Ups Online Monitoring Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-21996 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-21979 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-21964 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-21912 HIGH PATCH This Week

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Mysql Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-21930 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
7.4
EPSS
1.3%
CVE-2023-21932 HIGH This Week

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Authentication Bypass Hospitality Opera 5 Property Services
NVD
CVSS 3.1
7.2
EPSS
44.7%
CVE-2023-21980 HIGH This Week

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass MySQL
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2023-21896 HIGH PATCH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Oracle Solaris
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-28143 HIGH This Week

Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older). Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Apple Cloud Agent
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-28142 HIGH This Week

A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Microsoft Cloud Agent
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-28140 HIGH This Week

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Microsoft Cloud Agent
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy