Skip to main content
CVE-2023-27351 HIGH POC KEV THREAT Act Now

Authentication bypass in PaperCut NG and PaperCut MF print management software allows unauthenticated remote attackers to access protected functionality by exploiting flawed logic in the SecurityRequestFilter class. The flaw is confirmed actively exploited (CISA KEV) and has publicly available exploit code, with an EPSS score of 44.63% (98th percentile) indicating very high exploitation likelihood. It is commonly chained with administrative scripting features to achieve remote code execution on exposed PaperCut servers.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
44.6%
Threat
5.8
CVE-2023-27350 CRITICAL POC KEV THREAT Emergency

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Papercut Mf Papercut Ng
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-20864 CRITICAL POC THREAT Act Now

VMware Aria Operations for Logs contains a deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE VMware Deserialization Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
9.8
EPSS
70.4%
CVE-2023-30076 CRITICAL POC Act Now

Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29528 CRITICAL POC PATCH Act Now

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Commons
NVD GitHub
CVSS 3.1
9.0
EPSS
1.3%
CVE-2023-28458 MEDIUM POC PATCH This Month

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Pretalx
NVD GitHub
CVSS 3.1
4.3
EPSS
3.4%
CVE-2023-28459 MEDIUM POC PATCH This Month

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Pretalx
NVD GitHub
CVSS 3.1
6.5
EPSS
6.6%
CVE-2023-2131 CRITICAL Act Now

Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Me Rtu Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-20873 CRITICAL PATCH Act Now

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Boot
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-29926 CRITICAL Act Now

PowerJob V4.3.2 has unauthorized interface that causes remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Powerjob
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-27652 MEDIUM POC This Month

An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Super Clean
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27090 MEDIUM POC This Month

Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teacms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1767 MEDIUM POC This Month

The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js XSS Advisor
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2193 CRITICAL Act Now

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-27355 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE One Firmware S1 +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27352 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption One Firmware S1 +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2191 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Azuracast
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2176 HIGH PATCH This Week

A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Privilege Escalation Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23579 HIGH This Week

Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Crosscadware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-2112 HIGH This Week

Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass M Files Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28047 HIGH PATCH This Week

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Dell Display Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0384 HIGH This Week

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-0383 HIGH This Week

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-20865 HIGH This Week

VMware Aria Operations for Logs contains a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Command Injection Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-2194 MEDIUM PATCH This Month

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow RCE Linux Linux Kernel +2
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-27354 MEDIUM This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE One Firmware S1 S2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-27353 MEDIUM This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure One Firmware S1 +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-30616 MEDIUM PATCH This Month

Form block is a wordpress plugin designed to make form creation easier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Form Block
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-27495 MEDIUM PATCH This Month

@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Csrf Protection
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22309 MEDIUM This Month

Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Checkmk Appliance Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1255 MEDIUM PATCH This Month

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure OpenSSL
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-2177 MEDIUM PATCH This Month

A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22846 MEDIUM This Month

Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Crosscadware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22354 MEDIUM This Month

Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Crosscadware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22321 MEDIUM This Month

Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Crosscadware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22295 MEDIUM This Month

Datakit CrossCadWare_x64.dll contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Crosscadware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23938 MEDIUM PATCH This Month

Tuleap is a Free & Source tool for end to end traceability of application and system developments. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuleap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-25601 MEDIUM PATCH This Month

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Authentication Bypass Dolphinscheduler
NVD
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy