Skip to main content
CVE-2023-28528 HIGH POC PATCH Act Now

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection IBM Vios Aix
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2023-24269 HIGH POC This Week

An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Textpattern
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-30854 HIGH POC PATCH This Week

AVideo is an open source video platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
5.2%
CVE-2023-29815 HIGH POC This Week

mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2375 HIGH POC This Week

A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
6.6%
CVE-2023-2374 HIGH POC This Week

A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
4.5%
CVE-2023-2378 HIGH POC This Week

A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
4.3%
CVE-2023-2377 HIGH POC This Week

A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
4.3%
CVE-2023-2376 HIGH POC This Week

A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
4.3%
CVE-2023-2373 HIGH POC This Week

A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Edgemax Edgerouter Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
4.3%
CVE-2022-38583 HIGH POC This Week

On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Sage 300
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31483 HIGH POC PATCH This Week

tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Cbang
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-30858 HIGH POC PATCH This Week

The Denosaurs emoji package provides emojis for dinosaurs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Emoji
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-2379 HIGH POC This Week

A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Denial Of Service Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-2356 HIGH POC PATCH This Week

Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-29057 HIGH This Week

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-1477 HIGH This Week

Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.10.2, before 8.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Keycloak Authenticator
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-25496 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Authentication Bypass Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31436 HIGH PATCH This Week

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-31444 HIGH This Week

In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Studio
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26022 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26021 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1968 HIGH This Week

Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iscan Firmware Iseq 100 Firmware Miniseq Firmware Miseq Firmware +7
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-30455 HIGH This Week

An issue was discovered in ebankIT before 7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ebankit
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27555 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2360 HIGH This Week

Sensitive information disclosure due to CORS misconfiguration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Information Disclosure Cyber Infrastructure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-28882 HIGH This Week

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modsecurity
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27557 HIGH This Week

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Safer Payments
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-27556 HIGH This Week

IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Safer Payments
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy