Skip to main content
CVE-2023-2124 HIGH POC PATCH This Week

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-21102 HIGH POC This Week

In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32309 HIGH POC PATCH This Week

PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Pymdown Extensions
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-31631 HIGH POC This Week

An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31630 HIGH POC This Week

An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31629 HIGH POC This Week

An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31628 HIGH POC This Week

An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31627 HIGH POC This Week

An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31626 HIGH POC This Week

An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31625 HIGH POC This Week

An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31624 HIGH POC This Week

An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31623 HIGH POC This Week

An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31622 HIGH POC This Week

An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31621 HIGH POC This Week

An issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31620 HIGH POC This Week

An issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31619 HIGH POC This Week

An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31618 HIGH POC This Week

An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31617 HIGH POC This Week

An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31616 HIGH POC This Week

An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31615 HIGH POC This Week

An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31614 HIGH POC This Week

An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31613 HIGH POC This Week

An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31612 HIGH POC This Week

An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31611 HIGH POC This Week

An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31610 HIGH POC This Week

An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31609 HIGH POC This Week

An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31608 HIGH POC This Week

An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31607 HIGH POC This Week

An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2180 HIGH POC This Week

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Kiwiz Invoices Certification Pdf System
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-0812 HIGH POC This Week

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Active Directory Integration Ldap Integration
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-32784 HIGH POC This Week

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keepass
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2023-31845 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-31844 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-31843 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-31842 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-1549 HIGH POC THREAT This Week

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Ad Inserter
NVD WPScan
CVSS 3.1
7.2
EPSS
16.9%
CVE-2023-1207 HIGH POC This Week

This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Http Headers
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-21117 HIGH PATCH This Week

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21110 HIGH PATCH This Week

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Privilege Escalation Denial Of Service Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21109 HIGH PATCH This Week

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21107 HIGH PATCH This Week

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21106 HIGH PATCH This Week

In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Buffer Overflow Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-23447 HIGH This Week

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ftmg Esd20Axx Firmware Ftmg Esd25Axx Firmware Ftmg Esn40Sxx Firmware Ftmg Esn50Sxx Firmware +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-23446 HIGH This Week

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ftmg Esd20Axx Firmware Ftmg Esd25Axx Firmware Ftmg Esn40Sxx Firmware Ftmg Esn50Sxx Firmware +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-23445 HIGH This Week

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ftmg Esd20Axx Firmware Ftmg Esd25Axx Firmware Ftmg Esn40Sxx Firmware Ftmg Esn50Sxx Firmware +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-32787 HIGH PATCH This Week

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Ua Java Legacy Ua Historian Ua Modbus Server +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-22318 HIGH This Week

Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Checkmk Appliance Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32758 HIGH PATCH This Week

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Git Url Parse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy