Skip to main content
CVE-2023-29527 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29526 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29525 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
77.8%
CVE-2023-29524 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
76.3%
CVE-2023-29523 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-29522 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-29521 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29519 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-29518 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29516 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
65.9%
CVE-2023-29514 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-29512 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29510 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-22893 HIGH POC PATCH This Week

Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Strapi
NVD GitHub
CVSS 3.1
7.5
EPSS
4.2%
CVE-2023-30463 HIGH POC This Week

Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Denial Of Service Picotcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-29517 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Information Disclosure Microsoft Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27043 MEDIUM POC CISA This Month

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Authentication Bypass Fedora Active Iq Unified Manager Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
Threat
4.6
CVE-2023-22621 HIGH POC PATCH THREAT This Week

Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Strapi
NVD GitHub
CVSS 3.1
7.2
EPSS
76.8%
CVE-2023-30605 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30558 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30557 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30556 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30555 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30554 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30553 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30552 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-29520 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-1585 MEDIUM POC This Month

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Antivirus Anti Virus
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-23451 CRITICAL Act Now

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ue410 En3 Firmware Ue410 En1 Firmware Ue410 En3S04 Firmware Ue410 En4 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-21096 CRITICAL PATCH Act Now

In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Google Use After Free RCE Memory Corruption +1
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-2136 CRITICAL KEV THREAT Act Now

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
9.6
EPSS
5.8%
CVE-2023-1587 MEDIUM POC This Month

Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Antivirus Anti Virus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27776 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Jewelry Shop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29515 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-29922 MEDIUM POC This Month

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Powerjob
NVD GitHub
CVSS 3.1
5.3
EPSS
3.0%
CVE-2023-29923 MEDIUM POC This Month

PowerJob V4.3.1 is vulnerable to Insecure Permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Powerjob
NVD GitHub
CVSS 3.1
5.3
EPSS
9.5%
CVE-2023-29921 MEDIUM POC This Month

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Powerjob
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-22894 MEDIUM POC PATCH This Month

Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Strapi
NVD GitHub
CVSS 3.1
4.9
EPSS
1.7%
CVE-2023-21085 HIGH PATCH This Week

In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25760 HIGH This Week

Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tripleplay
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-22645 HIGH This Week

An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubewarden Controller
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-2137 HIGH This Week

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2134 HIGH This Week

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2133 HIGH This Week

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29513 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-28122 HIGH This Week

A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21100 HIGH PATCH This Week

In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21099 HIGH PATCH This Week

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21098 HIGH PATCH This Week

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21097 HIGH PATCH This Week

In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy