Skip to main content
CVE-2023-25007 HIGH This Week

A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE 3Ds Max Usd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25006 HIGH This Week

A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption 3Ds Max Usd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25005 HIGH This Week

A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Infraworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25428 HIGH This Week

A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Free Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-31197 HIGH This Week

Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Trace Analyzer And Collector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-29242 HIGH This Week

Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Oneapi Ai Analytics Toolkit Oneapi Base Toolkit +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25927 HIGH This Week

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-2514 HIGH This Week

Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2666 HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Froxlor
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2665 HIGH PATCH This Week

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rosariosis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29790 HIGH This Week

kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kodbox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20878 HIGH This Week

VMware Aria Operations contains a deserialization vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Deserialization Cloud Foundation Vrealize Operations
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-29246 HIGH PATCH This Week

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Code Injection Openmeetings
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-20880 MEDIUM This Month

VMware Aria Operations contains a privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Authentication Bypass Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20879 MEDIUM This Month

VMware Aria Operations contains a Local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Cloud Foundation Vrealize Operations
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-31199 MEDIUM PATCH This Month

Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Authentication Bypass Solid State Drive Toolbox
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-30768 MEDIUM This Month

Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Server Board S1200V3Rpl Firmware Server Board S1200V3Rpm Firmware +62
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-30763 MEDIUM PATCH This Month

Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Buffer Overflow Intel Heap Overflow Battery Life Diagnostic Tool +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-2181 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2088 MEDIUM This Month

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openstack
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-32081 MEDIUM PATCH This Month

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Vert X Stomp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2682 MEDIUM This Month

A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical.cgi of the component Mini_HTTPD. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Caton Live
NVD VulDB
CVSS 3.1
6.3
EPSS
1.9%
CVE-2023-27237 MEDIUM This Month

LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lavalite
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29818 MEDIUM This Month

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Secureanywhere
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29819 MEDIUM This Month

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Secureanywhere
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29820 MEDIUM This Month

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Secureanywhere
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32303 MEDIUM PATCH This Month

Planet is software that provides satellite data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Planet
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23867 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Buttons X
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28520 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28936 MEDIUM PATCH This Month

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Openmeetings
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-27863 MEDIUM PATCH This Month

IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Spectrum Protect
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-28414 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apexchat
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25958 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Tooltips
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25460 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Ad Manager
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23810 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Panorama
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22685 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Category Specific Rss Feed Subscription
NVD
CVSS 3.1
4.8
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy