Skip to main content
CVE-2023-31568 HIGH POC This Week

Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Podofo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-31567 HIGH POC This Week

Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Podofo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-31566 HIGH POC This Week

Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Podofo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-27563 HIGH POC PATCH This Week

The n8n package 0.218.0 for Node.js allows Escalation of Privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Node.js N8n
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-2629 HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Customer Management Framework
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-31910 HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31908 HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31907 HIGH POC This Week

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31906 HIGH POC This Week

Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27564 HIGH POC PATCH This Week

The n8n package 0.218.0 for Node.js allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure N8n
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-32080 HIGH PATCH This Week

Wings is the server control plane for Pterodactyl Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Wings
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-31161 HIGH This Week

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sel 3350 Firmware Sel 3532 Firmware Sel 3555 Firmware Sel 3560E Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31152 HIGH This Week

An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-31149 HIGH This Week

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-31148 HIGH This Week

An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29930 HIGH This Week

An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Tftp Server
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-27298 HIGH This Week

Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Wake Up Latency Tracer
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-27889 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Liquid Speech Balloon
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-22441 HIGH This Week

Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skybridge Basic Mb A130 Firmware Skybridge Mb A200 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2023-1732 HIGH PATCH This Week

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Circl
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-28410 HIGH This Week

Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Linux Intel I915 Graphics
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27382 HIGH This Week

Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Nuc P14E Laptop Element
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-23910 HIGH This Week

Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Intel Oneapi Hpc Toolkit +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23580 HIGH This Week

Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Intel Oneapi Hpc Toolkit +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23569 HIGH This Week

Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Intel Oneapi Hpc Toolkit +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22661 HIGH PATCH This Week

Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Privilege Escalation Buffer Overflow Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22440 HIGH This Week

Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Setup And Configuration Software
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22355 HIGH This Week

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Advisor Cpu Runtime Distribution For Python +26
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22312 HIGH PATCH This Week

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Authentication Bypass Nuc 11 Performance Kit Nuc11Pahi70Z Firmware Nuc 11 Performance Kit Nuc11Pahi50Z Firmware +39
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22297 HIGH PATCH This Week

Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27385 HIGH This Week

Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cx Drive
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30356 HIGH This Week

Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows attackers to update the device with crafted firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tenda Cp3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-30351 HIGH This Week

Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tenda Cp3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-25568 HIGH PATCH This Week

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Boxo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2618 HIGH PATCH This Week

A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Opencv
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-2617 HIGH PATCH This Week

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Opencv
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-27527 HIGH This Week

Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Shinseiyo Sogo Soft
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-27510 HIGH This Week

JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jb Inquiry Form
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-25184 HIGH This Week

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Skybridge Basic Mb A130 Firmware Skybridge Mb A200 Firmware Skyspider Mb R210 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25072 HIGH This Week

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-23906 HIGH This Week

Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-23578 HIGH This Week

Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Skybridge Mb A200 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-27386 HIGH This Week

Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Pathfinder For Risc V
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-32568 HIGH This Week

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Injection Infoscale Operations Manager
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-22442 HIGH PATCH This Week

Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Intel Server System D50Tnp1Mhcrlc Firmware +9
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy