Skip to main content
CVE-2023-25348 HIGH POC This Week

ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Churchcrm
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-0045 HIGH POC PATCH This Week

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Linux Kernel Debian Linux Active Iq Unified Manager H300s Firmware +4
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-28847 HIGH POC PATCH This Week

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29552 HIGH POC KEV THREAT This Week

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smi S Provider Manager Server Linux Enterprise Server ESXi +1
NVD GitHub
CVSS 3.1
7.5
EPSS
65.9%
CVE-2023-29779 HIGH POC This Week

Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service E1E G7F Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-20872 HIGH This Week

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow VMware Fusion Workstation
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-30839 HIGH PATCH This Week

PrestaShop is an Open Source e-commerce web application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Prestashop
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-20869 HIGH This Week

VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow VMware Fusion Workstation
NVD
CVSS 3.1
8.2
EPSS
2.0%
CVE-2023-30549 HIGH PATCH This Week

Apptainer is an open source container platform for Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Ubuntu Use After Free Privilege Escalation Linux +6
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29012 HIGH This Week

Git for Windows is the Windows port of Git. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Git For Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29011 HIGH This Week

Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Git For Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29007 HIGH PATCH This Week

Git is a revision control system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Git Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
6.1%
CVE-2023-20871 HIGH This Week

VMware Fusion contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Authentication Bypass Fusion
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-28088 HIGH This Week

An HPE OneView appliance dump may expose SAN switch administrative credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26098 HIGH This Week

An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE File Upload Apsal
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25652 HIGH PATCH This Week

Git is a revision control system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Git Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
52.2%
CVE-2023-23837 HIGH This Week

No exception handling vulnerability which revealed sensitive or excessive information to users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Database Performance Analyzer
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-28089 HIGH This Week

An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy