Skip to main content
CVE-2023-24903 HIGH PATCH This Week

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-29343 HIGH PATCH This Week

SysInternals Sysmon for Windows Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Sysmon
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2023-29341 HIGH PATCH This Week

AV1 Video Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Av1 Video Extension
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-29340 HIGH PATCH This Week

AV1 Video Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Av1 Video Extension
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-24953 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-24949 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 20H2 +6
NVD
CVSS 3.1
7.8
EPSS
24.6%
CVE-2023-24946 HIGH PATCH This Week

Windows Backup Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-24905 HIGH PATCH This Week

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Authentication Bypass Windows 10 20H2 Windows 10 21h2 Windows 10 22h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-24902 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 11 21H2 Windows 11 22h2
NVD
CVSS 3.1
7.8
EPSS
5.1%
CVE-2023-30986 HIGH This Week

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Solid Edge Se2023
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-29092 HIGH This Week

An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Exynos 5123 Firmware Exynos 5300 Firmware Exynos 980 Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30056 HIGH This Week

A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Origination Manager Decision
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-29104 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal 6Gk1411 1Ac00 Firmware 6Gk1411 5Ac00 Firmware
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2023-30740 HIGH This Week

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2023-29335 HIGH PATCH This Week

Microsoft Word Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2156 HIGH This Week

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Enterprise Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2023-28127 HIGH This Week

A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Avalanche
NVD
CVSS 3.1
7.5
EPSS
58.6%
CVE-2023-20524 HIGH This Week

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Epyc 72F3 Firmware Epyc 7313 Firmware Epyc 7313P Firmware +45
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-29325 HIGH PATCH This Week

Windows OLE Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
7.5
EPSS
84.4%
CVE-2023-24942 HIGH PATCH This Week

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-24940 HIGH PATCH This Week

Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2023-24939 HIGH PATCH This Week

Server for NFS Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 20H2 +8
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2023-24901 HIGH PATCH This Week

Windows NFS Portmapper Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-24898 HIGH PATCH This Week

Windows SMB Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Server 2022
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-31139 HIGH This Week

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dhis 2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31137 HIGH PATCH This Week

MaraDNS is open-source software that implements the Domain Name System (DNS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Maradns Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-29106 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure 6Gk1411 1Ac00 Firmware 6Gk1411 5Ac00 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29105 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >=. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service 6Gk1411 1Ac00 Firmware 6Gk1411 5Ac00 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2590 LOW POC PATCH Monitor

Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Answer
NVD GitHub
CVSS 3.1
3.5
EPSS
0.5%
CVE-2023-32111 HIGH This Week

In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow SAP Powerdesigner Proxy
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24948 HIGH PATCH This Week

Windows Bluetooth Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 1507 Windows 10 1607 +8
NVD
CVSS 3.1
7.4
EPSS
1.0%
CVE-2023-31975 LOW POC Monitor

yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yasm
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2023-28832 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection 6Gk1411 1Ac00 Firmware 6Gk1411 5Ac00 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-28762 HIGH This Week

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-24904 HIGH PATCH This Week

Windows Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Server 2008
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-24899 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 11 21H2 Windows 11 22h2 Windows Server 2022
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-24932 MEDIUM PATCH This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 20H2 +9
NVD
CVSS 3.1
6.7
EPSS
10.6%
CVE-2023-29338 MEDIUM PATCH This Month

Visual Studio Code Spoofing Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Authentication Bypass Visual Studio Code
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2022-4537 MEDIUM This Month

The Hide My WP Ghost - Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Hide My Wp Ghost
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-29324 MEDIUM PATCH This Month

Windows MSHTML Platform Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2023-24954 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-24950 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
67.5%
CVE-2023-24944 MEDIUM PATCH This Month

Windows Bluetooth Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Microsoft Windows 10 1809 Windows 10 20H2 +6
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-32060 MEDIUM This Month

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Dhis 2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-31138 MEDIUM This Month

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dhis 2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-31801 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25831 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-25830 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-25829 MEDIUM This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31144 MEDIUM PATCH This Month

Craft CMS is a content management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy