Skip to main content
CVE-2023-27107 HIGH POC This Week

Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Central Server Print Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2291 HIGH POC This Week

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho PostgreSQL Authentication Bypass Manageengine Access Manager Plus Manageengine Pam360 +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-29835 HIGH POC This Week

Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dr Fone
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29596 HIGH POC This Week

Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Cmix
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27978 HIGH POC This Week

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tooljet
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-1387 HIGH POC This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Grafana Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-30266 HIGH This Week

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cltphp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28009 HIGH This Week

HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Workload Automation
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-28008 HIGH This Week

HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Workload Automation
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-26567 HIGH This Week

Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Freepbx Linux 7
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-30269 HIGH This Week

CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Cltphp
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-26286 HIGH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26735 HIGH This Week

blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Blackbox Exporter
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-30846 HIGH PATCH This Week

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Typed Rest Client
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-27559 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-30546 HIGH PATCH This Week

Contiki-NG is an operating system for Internet of Things devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30112 HIGH This Week

Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Medicine Tracker System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2273 HIGH This Week

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Insight Agent
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29257 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft IBM Db2
NVD
CVSS 3.1
7.2
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy