Skip to main content
CVE-2023-29527 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29526 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29525 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
77.8%
CVE-2023-29524 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
76.3%
CVE-2023-29523 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-29522 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-29521 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29519 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-29518 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29516 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
65.9%
CVE-2023-29514 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-29512 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29510 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-22893 HIGH POC PATCH This Week

Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Strapi
NVD GitHub
CVSS 3.1
7.5
EPSS
4.2%
CVE-2023-30463 HIGH POC This Week

Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Denial Of Service Picotcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-29517 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Information Disclosure Microsoft Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-22621 HIGH POC PATCH THREAT This Week

Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Strapi
NVD GitHub
CVSS 3.1
7.2
EPSS
76.8%
CVE-2023-21085 HIGH PATCH This Week

In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25760 HIGH This Week

Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated user to modify other users passwords via a crafted request payload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tripleplay
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-22645 HIGH This Week

An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubewarden Controller
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-2137 HIGH This Week

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2134 HIGH This Week

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2133 HIGH This Week

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-28122 HIGH This Week

A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21100 HIGH PATCH This Week

In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21099 HIGH PATCH This Week

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21098 HIGH PATCH This Week

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21097 HIGH PATCH This Week

In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21094 HIGH PATCH This Week

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21093 HIGH PATCH This Week

In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Path Traversal Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21092 HIGH PATCH This Week

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21089 HIGH PATCH This Week

In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21088 HIGH PATCH This Week

In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21086 HIGH PATCH This Week

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21083 HIGH This Week

In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21081 HIGH PATCH This Week

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20967 HIGH This Week

In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20950 HIGH PATCH This Week

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30797 HIGH PATCH This Week

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Lemur
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-25619 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Momentum Unity M1E Processor Firmware Modicon Mc80 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2135 HIGH This Week

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy