Skip to main content
CVE-2023-27351 HIGH POC KEV THREAT Act Now

Authentication bypass in PaperCut NG and PaperCut MF print management software allows unauthenticated remote attackers to access protected functionality by exploiting flawed logic in the SecurityRequestFilter class. The flaw is confirmed actively exploited (CISA KEV) and has publicly available exploit code, with an EPSS score of 44.63% (98th percentile) indicating very high exploitation likelihood. It is commonly chained with administrative scripting features to achieve remote code execution on exposed PaperCut servers.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
44.6%
Threat
5.8
CVE-2023-27355 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE One Firmware S1 +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27352 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption One Firmware S1 +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2176 HIGH PATCH This Week

A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Privilege Escalation Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23579 HIGH This Week

Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Crosscadware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-2112 HIGH This Week

Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass M Files Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28047 HIGH PATCH This Week

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Dell Display Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0384 HIGH This Week

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-0383 HIGH This Week

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-20865 HIGH This Week

VMware Aria Operations for Logs contains a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Command Injection Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
7.2
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy