Skip to main content
CVE-2023-2236 HIGH POC This Week

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27035 HIGH POC This Week

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Obsidian
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-30063 HIGH POC This Week

D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 890L Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-30061 HIGH POC This Week

D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 879 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22919 HIGH PATCH This Week

The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nbg6604 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-25492 HIGH This Week

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-0683 HIGH This Week

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0896 HIGH This Week

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Smart Clock Essential With Alexa Built In Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-2235 HIGH PATCH This Week

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22922 HIGH PATCH This Week

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zyxel Nbg 418N Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22921 HIGH PATCH This Week

A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

XSS Zyxel Nbg 418N Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy