Skip to main content
CVE-2023-31531 HIGH POC This Week

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cx2L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-31530 HIGH POC This Week

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cx2L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-31529 HIGH POC This Week

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cx2L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-31528 HIGH POC This Week

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cx2L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-2649 HIGH POC This Week

A vulnerability was found in Tenda AC23 16.03.07.45_cn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac23 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
9.7%
CVE-2023-2647 HIGH POC This Week

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Command Injection Microsoft E Office
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
7.0%
CVE-2023-31497 HIGH POC This Week

Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation End Point Security
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-32059 HIGH POC PATCH This Week

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-32058 HIGH POC PATCH This Week

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31477 HIGH POC This Week

A path traversal issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware Gl Mt2500 Firmware +28
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31502 HIGH POC This Week

Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Alternergy Power Control Software
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-2444 HIGH This Week

A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell CSRF Factorytalk Vantagepoint
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-29285 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29284 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Adobe RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29283 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29282 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29281 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29280 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29278 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29276 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29275 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29274 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29273 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-2644 HIGH This Week

A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Digitalpersona Fpsensor
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28356 HIGH This Week

A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rocket Chat
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2443 HIGH This Week

Rockwell Automation ThinManager product allows the use of medium strength ciphers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Thinmanager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-0857 HIGH This Week

Unintentional change of settings during initial registration of system administrators which uses control protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Mf642Cdw Firmware Mf644Cdw Firmware Mf741Cdw Firmware +42
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31442 HIGH This Week

In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Akka Actor Akka Discovery
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30172 HIGH PATCH This Week

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-29400 HIGH PATCH This Week

Templates containing actions in unquoted HTML attributes (e.g. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Go
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-24539 HIGH PATCH This Week

Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Go
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-29031 HIGH This Week

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell XSS Information Disclosure Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-29030 HIGH This Week

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell XSS Information Disclosure Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy