Skip to main content
CVE-2023-28128 HIGH POC THREAT Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Avalanche
NVD GitHub
CVSS 3.1
7.2
EPSS
84.7%
CVE-2023-24955 HIGH POC KEV PATCH THREAT Act Now

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD GitHub
CVSS 3.1
7.2
EPSS
85.4%
CVE-2023-31976 HIGH POC This Week

libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libming
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2610 HIGH POC PATCH This Week

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-30237 HIGH POC This Week

CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Microsoft Cyberghost
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29336 HIGH POC KEV PATCH THREAT This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Windows 10 1507 Windows 10 1607 +3
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
40.9%
CVE-2023-31982 HIGH POC This Week

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Sngrep
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31981 HIGH POC This Week

Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Sngrep
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31979 HIGH POC This Week

Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Catdoc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-44283 HIGH POC PATCH This Week

A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Shieldstore
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31478 HIGH POC THREAT This Week

An issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware Gl Mt2500 Firmware +28
NVD GitHub
CVSS 3.1
7.5
EPSS
29.7%
CVE-2023-31474 HIGH POC This Week

An issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware Gl Mt2500 Firmware +28
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-31472 HIGH POC THREAT This Week

An issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Command Injection Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware +29
NVD GitHub
CVSS 3.1
7.5
EPSS
19.9%
CVE-2023-31490 HIGH POC This Week

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-31476 HIGH POC This Week

An issue was discovered on GL.iNet devices running firmware before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gl Mv1000W Firmware Gl Mv1000 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-25832 HIGH This Week

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Portal For Arcgis
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24947 HIGH PATCH This Week

Windows Bluetooth Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1607 +6
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-20046 HIGH This Week

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Staros
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-32069 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-29462 HIGH This Week

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Rockwell RCE Arena
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-30899 HIGH This Week

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Siveillance Video
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-30898 HIGH This Week

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Siveillance Video
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-28283 HIGH PATCH This Week

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-24903 HIGH PATCH This Week

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-29343 HIGH PATCH This Week

SysInternals Sysmon for Windows Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Sysmon
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2023-29341 HIGH PATCH This Week

AV1 Video Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Av1 Video Extension
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-29340 HIGH PATCH This Week

AV1 Video Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Av1 Video Extension
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-24953 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-24949 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 20H2 +6
NVD
CVSS 3.1
7.8
EPSS
24.6%
CVE-2023-24946 HIGH PATCH This Week

Windows Backup Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-24905 HIGH PATCH This Week

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Authentication Bypass Windows 10 20H2 Windows 10 21h2 Windows 10 22h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-24902 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 11 21H2 Windows 11 22h2
NVD
CVSS 3.1
7.8
EPSS
5.1%
CVE-2023-30986 HIGH This Week

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Solid Edge Se2023
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-29092 HIGH This Week

An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Exynos 5123 Firmware Exynos 5300 Firmware Exynos 980 Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30056 HIGH This Week

A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Origination Manager Decision
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-29104 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal 6Gk1411 1Ac00 Firmware 6Gk1411 5Ac00 Firmware
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2023-30740 HIGH This Week

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2023-29335 HIGH PATCH This Week

Microsoft Word Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2156 HIGH This Week

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Enterprise Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2023-28127 HIGH This Week

A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Avalanche
NVD
CVSS 3.1
7.5
EPSS
58.6%
CVE-2023-20524 HIGH This Week

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Epyc 72F3 Firmware Epyc 7313 Firmware Epyc 7313P Firmware +45
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-29325 HIGH PATCH This Week

Windows OLE Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
7.5
EPSS
84.4%
CVE-2023-24942 HIGH PATCH This Week

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-24940 HIGH PATCH This Week

Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2023-24939 HIGH PATCH This Week

Server for NFS Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 20H2 +8
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2023-24901 HIGH PATCH This Week

Windows NFS Portmapper Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-24898 HIGH PATCH This Week

Windows SMB Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Server 2022
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-31139 HIGH This Week

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dhis 2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31137 HIGH PATCH This Week

MaraDNS is open-source software that implements the Domain Name System (DNS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Maradns Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-29106 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure 6Gk1411 1Ac00 Firmware 6Gk1411 5Ac00 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy