Skip to main content
CVE-2022-47879 HIGH POC This Week

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Jedox Jedox Cloud
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
6.7%
CVE-2023-32073 HIGH POC PATCH This Week

WWBN AVideo is an open source video platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
6.5%
CVE-2023-30130 HIGH POC This Week

An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Craft Cms
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-29657 HIGH POC This Week

eXtplorer 2.1.15 is vulnerable to Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Extplorer
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2677 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid 19 Contact Tracing System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2670 HIGH POC This Week

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-31922 HIGH POC This Week

QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Quickjs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-1934 HIGH POC This Week

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL SQLi Pnpscada
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
8.1%
CVE-2023-20877 HIGH This Week

VMware Aria Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE VMware Authentication Bypass Cloud Foundation +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-32305 HIGH PATCH This Week

aiven-extras is a PostgreSQL extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation RCE PostgreSQL Aiven
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2458 HIGH This Week

Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-2457 HIGH This Week

Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-2515 HIGH PATCH This Week

Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-28522 HIGH PATCH This Week

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure IBM Api Connect
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-23444 HIGH This Week

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ue410 En4 Firmware Ue410 En3 Firmware Ue410 En1 Firmware Fx0 Gpnt00030 Firmware +7
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2023-2512 HIGH PATCH This Week

Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Workerd
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-29032 HIGH PATCH This Week

An attacker that has gained access to certain private information can use this to act as other user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Authentication Bypass Openmeetings
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-25009 HIGH This Week

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE 3Ds Max Usd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25008 HIGH This Week

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure 3Ds Max Usd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25007 HIGH This Week

A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE 3Ds Max Usd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25006 HIGH This Week

A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption 3Ds Max Usd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25005 HIGH This Week

A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Infraworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25428 HIGH This Week

A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Free Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-31197 HIGH This Week

Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Trace Analyzer And Collector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-29242 HIGH This Week

Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Oneapi Ai Analytics Toolkit Oneapi Base Toolkit +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25927 HIGH This Week

IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-2514 HIGH This Week

Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2666 HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Froxlor
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2665 HIGH PATCH This Week

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rosariosis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29790 HIGH This Week

kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kodbox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20878 HIGH This Week

VMware Aria Operations contains a deserialization vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Deserialization Cloud Foundation Vrealize Operations
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-29246 HIGH PATCH This Week

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Code Injection Openmeetings
NVD
CVSS 3.1
7.2
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy