Skip to main content
CVE-2023-33722 HIGH POC This Week

EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Br 6288Acl Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-33718 HIGH POC This Week

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3018 HIGH POC This Week

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lost And Found Information System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33485 HIGH POC This Week

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-28353 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microsoft Insight
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-28349 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Insight
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-3012 HIGH POC PATCH This Week

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29742 HIGH POC This Week

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Bestweather
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34258 HIGH POC This Week

An issue was discovered in BMC Patrol before 22.1.00. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Patrol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-33507 HIGH POC This Week

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Via Go2 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-28352 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Insight
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2023-28348 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Insight
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-28346 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Insight
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2023-33629 HIGH POC This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
4.4%
CVE-2023-3013 HIGH POC PATCH This Week

Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-29745 HIGH POC This Week

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Bestweather
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-28344 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Insight
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-2549 HIGH PATCH This Week

The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Feather Login Page
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2545 HIGH PATCH This Week

The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation WordPress Authentication Bypass Feather Login Page
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-26278 HIGH This Week

IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Wincollect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26277 HIGH This Week

IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Wincollect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30285 HIGH This Week

An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlassian Issue Sync
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-33964 HIGH PATCH This Week

mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mx Chain Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34227 HIGH This Week

In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2749 HIGH This Week

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Download Center
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-30197 HIGH This Week

Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Myinventory
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2435 HIGH PATCH This Week

The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.0 via a shortcode attribute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Information Disclosure RCE WordPress +1
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2023-33643 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33642 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33641 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33640 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33639 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33638 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33637 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33636 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33635 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33634 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33633 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33632 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33631 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33630 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EditvsList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33628 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33627 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy