Skip to main content
CVE-2023-1094 HIGH POC This Week

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-1031 HIGH POC This Week

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-0768 HIGH POC This Week

The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Hotels Online Booking Engine
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0603 HIGH POC THREAT This Week

The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Sloth Logo Customizer
NVD WPScan
CVSS 3.1
8.8
EPSS
13.9%
CVE-2023-2575 HIGH POC PATCH THREAT This Week

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Eki 1521 Firmware Eki 1522 Firmware Eki 1524 Firmware
NVD
CVSS 3.1
8.8
EPSS
15.5%
CVE-2023-2574 HIGH POC PATCH This Week

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Eki 1521 Firmware Eki 1522 Firmware Eki 1524 Firmware
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2023-2573 HIGH POC PATCH This Week

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Eki 1521 Firmware Eki 1522 Firmware Eki 1524 Firmware
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2023-31038 HIGH POC This Week

SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Log4Cxx
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-32233 HIGH POC PATCH THREAT This Week

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
7.8
EPSS
13.0%
CVE-2023-30257 HIGH POC This Week

A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow M6 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-30837 HIGH POC PATCH This Week

Vyper is a pythonic smart contract language for the EVM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2114 HIGH POC THREAT This Week

The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Nex Forms
NVD GitHub WPScan
CVSS 3.1
7.2
EPSS
44.6%
CVE-2023-1408 HIGH POC This Week

The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Video List Manager
NVD WPScan
CVSS 3.1
7.2
EPSS
3.2%
CVE-2023-1347 HIGH POC THREAT This Week

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Customizer Export Import
NVD WPScan
CVSS 3.1
7.2
EPSS
16.0%
CVE-2023-31127 HIGH PATCH This Week

libspdm is a sample implementation that follows the DMTF SPDM specifications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Libspdm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-27935 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-27934 HIGH This Week

A memory initialization issue was addressed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-23532 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-30844 HIGH PATCH This Week

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Mutagen Mutagen Compose
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-22790 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22789 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22788 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-27967 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-27944 HIGH This Week

This issue was addressed with a new entitlement. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-2534 HIGH This Week

Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Otrs
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-28181 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27970 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27969 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Apple RCE Memory Corruption +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27965 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27960 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27959 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27957 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27949 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Apple Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27946 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Apple Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27938 HIGH This Week

An out-of-bounds read issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27937 HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27936 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23540 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23536 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23525 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-30840 HIGH PATCH This Week

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Fluid
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31181 HIGH This Week

WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Innokb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31179 HIGH This Week

AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Agilepoint Nx
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31133 HIGH PATCH This Week

Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghost
NVD GitHub
CVSS 3.1
7.5
EPSS
45.7%
CVE-2023-24506 HIGH This Week

Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ncr Camera Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24505 HIGH This Week

Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ncr Camera Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-27963 HIGH This Week

The issue was addressed with additional permissions checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Authentication Bypass Ipados Iphone Os +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-30855 HIGH PATCH This Week

Pimcore is an open source data and experience management platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP SQLi Pimcore
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-30551 HIGH PATCH This Week

Rekor is an open source software supply chain transparency log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Rekor
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22787 HIGH This Week

An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aruba Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy