Skip to main content
CVE-2023-2859 HIGH POC PATCH This Week

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Teampass
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-31748 HIGH POC This Week

Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Mobiletrans
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-2873 HIGH POC This Week

A vulnerability classified as critical was found in Twister Antivirus 8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Twister Antivirus
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-31595 HIGH POC This Week

IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icip P2012T Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-33248 HIGH POC This Week

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Alexa
NVD GitHub
CVSS 3.1
7.6
EPSS
0.7%
CVE-2023-33980 HIGH POC This Week

Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Briar
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-33983 HIGH POC This Week

The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Briar
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2023-2065 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cargo Tracking System
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-31459 HIGH This Week

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-33945 HIGH PATCH This Week

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-1424 HIGH PATCH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Melsec Iq Fx5U 32Mr Ds Firmware Melsec Iq Fx5U 32Mr Dss Firmware +37
NVD
CVSS 3.1
8.1
EPSS
3.4%
CVE-2023-1944 HIGH This Week

This vulnerability enables ssh access to minikube container using a default password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Minikube
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-2496 HIGH This Week

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass RCE WordPress Go Pricing
NVD
CVSS 3.1
7.1
EPSS
3.3%
CVE-2023-33950 HIGH PATCH This Week

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-33949 HIGH PATCH This Week

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-33948 HIGH PATCH This Week

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31763 HIGH This Week

Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Agshome Smart Alarm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-31762 HIGH This Week

Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Dg Hamb Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-31761 HIGH This Week

Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Bw Is22 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-31759 HIGH This Week

Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Kerui W18 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-25599 HIGH This Week

A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Mivoice Connect
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2023-31460 HIGH This Week

A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mivoice Connect
NVD
CVSS 3.1
7.2
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy