Skip to main content
CVE-2023-28128 HIGH POC THREAT Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Avalanche
NVD GitHub
CVSS 3.1
7.2
EPSS
84.7%
CVE-2023-24955 HIGH POC KEV PATCH THREAT Act Now

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD GitHub
CVSS 3.1
7.2
EPSS
85.4%
CVE-2023-2595 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Establishment Billing Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-31976 HIGH POC This Week

libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libming
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2610 HIGH POC PATCH This Week

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-30237 HIGH POC This Week

CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Microsoft Cyberghost
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29336 HIGH POC KEV PATCH THREAT This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Windows 10 1507 Windows 10 1607 +3
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
40.9%
CVE-2023-31982 HIGH POC This Week

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Sngrep
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31981 HIGH POC This Week

Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Sngrep
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31979 HIGH POC This Week

Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Catdoc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-44283 HIGH POC PATCH This Week

A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Shieldstore
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31478 HIGH POC THREAT This Week

An issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware Gl Mt2500 Firmware +28
NVD GitHub
CVSS 3.1
7.5
EPSS
29.7%
CVE-2023-31474 HIGH POC This Week

An issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware Gl Mt2500 Firmware +28
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-31472 HIGH POC THREAT This Week

An issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Command Injection Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware +29
NVD GitHub
CVSS 3.1
7.5
EPSS
19.9%
CVE-2023-31490 HIGH POC This Week

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-31476 HIGH POC This Week

An issue was discovered on GL.iNet devices running firmware before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gl Mv1000W Firmware Gl Mv1000 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-2596 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Reviewer System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-27407 CRITICAL Act Now

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Siemens Scalance Lpe9403 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.3%
CVE-2023-28316 CRITICAL Act Now

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Rocket Chat
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20520 CRITICAL Act Now

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Epyc 72F3 Firmware Epyc 7313 Firmware +61
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24943 CRITICAL PATCH Act Now

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2023-24941 CRITICAL PATCH Act Now

Windows Network File System Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
9.8
EPSS
94.7%
CVE-2023-31143 CRITICAL PATCH Act Now

mage-ai is an open-source data pipeline tool for transforming and integrating data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Mage Ai
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29461 CRITICAL Act Now

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29460 CRITICAL Act Now

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2594 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Food Ordering Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-31126 CRITICAL PATCH Act Now

`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.6
EPSS
0.8%
CVE-2023-2609 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim Fedora
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-30086 MEDIUM POC This Month

Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Libtiff
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31489 MEDIUM POC This Month

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-30088 MEDIUM POC This Month

An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30087 MEDIUM POC This Month

Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Mjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30085 MEDIUM POC This Month

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libming
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30084 MEDIUM POC This Month

An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libming
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30083 MEDIUM POC This Month

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libming
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31973 MEDIUM POC This Month

yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31974 MEDIUM POC This Month

yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31972 MEDIUM POC This Month

yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2591 MEDIUM POC PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-32113 CRITICAL Act Now

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Microsoft Gui For Windows
NVD
CVSS 3.1
9.3
EPSS
0.5%
CVE-2023-30744 CRITICAL Act Now

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-32071 CRITICAL PATCH Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
71.1%
CVE-2023-25832 HIGH This Week

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Portal For Arcgis
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24947 HIGH PATCH This Week

Windows Bluetooth Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1607 +6
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-20046 HIGH This Week

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Staros
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-32069 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-29462 HIGH This Week

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Rockwell RCE Arena
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-30899 HIGH This Week

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Siveillance Video
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-30898 HIGH This Week

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Siveillance Video
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-28283 HIGH PATCH This Week

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
8.1
EPSS
1.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy