Skip to main content
CVE-2023-33177 HIGH POC PATCH This Week

Xibo is a content management system (CMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal PHP Xibo
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.1%
CVE-2023-2984 HIGH POC PATCH This Week

Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2983 HIGH POC PATCH This Week

Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2980 HIGH POC PATCH This Week

A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pydio Cells
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2979 HIGH POC This Week

A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pydio Cells
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2288 HIGH POC THREAT This Week

The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Otter
NVD WPScan
CVSS 3.1
8.8
EPSS
18.0%
CVE-2023-1938 HIGH POC This Week

The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress CSRF Wp Fastest Cache
NVD WPScan
CVSS 3.1
8.8
EPSS
8.5%
CVE-2023-0766 HIGH POC This Week

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Newsletter Popup
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-29738 HIGH POC This Week

An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Wave Animated Keyboard Emoji
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-34153 HIGH POC This Week

A vulnerability was found in ImageMagick. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Imagemagick Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
3.2%
CVE-2023-29733 HIGH POC This Week

The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Lock Master
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29743 HIGH POC This Week

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Bestweather
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-29740 HIGH POC This Week

An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Alarm Clock For Heavy Sleepers
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-29726 HIGH POC This Week

The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Call Blocker
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-33741 HIGH POC This Week

Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure V380 Pro
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-33740 HIGH POC This Week

Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Luowice
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-29731 HIGH POC This Week

SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service Google Solive
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-2968 HIGH POC PATCH This Week

A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Proxy
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-0329 HIGH POC THREAT This Week

The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Website Builder
NVD WPScan
CVSS 3.1
7.2
EPSS
19.7%
CVE-2023-32698 HIGH POC PATCH This Week

nFPM is an alternative to fpm. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Nfpm
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-2936 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
23.0%
CVE-2023-2935 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2023-2934 HIGH This Week

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-2933 HIGH This Week

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2932 HIGH This Week

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2931 HIGH This Week

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2930 HIGH This Week

Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2929 HIGH This Week

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-32696 HIGH PATCH This Week

CKAN is an open-source data management system for powering data hubs and data portals. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation RCE Docker Ckan
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-33191 HIGH PATCH This Week

Kyverno is a policy engine designed for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Kyverno
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-33245 HIGH This Week

Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Minecraft
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-26130 HIGH PATCH This Week

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Cpp Httplib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2939 HIGH This Week

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Microsoft Chrome
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-31184 HIGH This Week

ROZCOM client CWE-798: Use of Hard-coded Credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Rozcom Client
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2023-28079 HIGH PATCH This Week

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation RCE Microsoft Powerpath
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30601 HIGH PATCH This Week

Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra0.0 through 4.0.9, from 4.1.0 through 4.1.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apache Cassandra
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0779 HIGH This Week

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2023-33234 HIGH PATCH This Week

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Apache Kubernetes Apache Airflow Providers Cncf Kubernetes
NVD VulDB
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-32342 HIGH This Week

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Http Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2953 HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap Enterprise Linux macOS +8
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-31185 HIGH This Week

ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rozcom Client
NVD
CVSS 3.1
7.5
EPSS
13.8%
CVE-2023-33973 HIGH PATCH This Week

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-24826 HIGH PATCH This Week

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-23755 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24825 HIGH PATCH This Week

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-24817 HIGH PATCH This Week

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30196 HIGH PATCH This Week

Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Salesbooster
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33198 HIGH PATCH This Week

tgstation-server is a production scale tool for BYOND server management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tgstation Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-33175 HIGH PATCH This Week

ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Toui
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-28080 HIGH PATCH This Week

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Microsoft Powerpath
NVD
CVSS 3.1
7.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy