Skip to main content
CVE-2023-28384 HIGH POC THREAT Act Now

mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD GitHub
CVSS 3.1
8.8
EPSS
44.8%
CVE-2023-28770 HIGH POC THREAT Act Now

The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Dx5401 B0 Firmware
NVD
CVSS 3.1
7.5
EPSS
57.8%
CVE-2023-25437 HIGH POC THREAT This Week

An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vcs754A Firmware
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2023-2338 HIGH POC PATCH This Week

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-26243 HIGH POC This Week

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-26245 HIGH POC This Week

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-26244 HIGH POC This Week

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-26246 HIGH POC This Week

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-30380 HIGH POC This Week

An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Dedecms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-29169 HIGH This Week

mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29150 HIGH This Week

mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28716 HIGH This Week

mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2023-28400 HIGH This Week

mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
8.8
EPSS
24.6%
CVE-2023-30850 HIGH PATCH This Week

Pimcore is an open source data and experience management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-30624 HIGH PATCH This Week

Wasmtime is a standalone runtime for WebAssembly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wasmtime
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-30849 HIGH PATCH This Week

Pimcore is an open source data and experience management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-30848 HIGH PATCH This Week

Pimcore is an open source data and experience management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-24836 HIGH This Week

SUNNET CTMS has vulnerability of path traversal within its file uploading function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ehrd Ctms
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-30847 HIGH PATCH This Week

H2O is an HTTP server. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service H2O
NVD GitHub
CVSS 3.1
8.2
EPSS
0.9%
CVE-2023-21712 HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition RCE Microsoft Windows 10 Windows 10 1607 +13
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-2355 HIGH PATCH This Week

Local privilege escalation due to a DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Snap Deploy
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-2331 HIGH This Week

Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service.3.12 through. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Surelock
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31287 HIGH PATCH This Week

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Serene Startsharp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-2335 HIGH This Week

Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials3.12 through 2.40.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Surelock
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-29255 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy