Skip to main content
CVE-2023-32707 HIGH POC THREAT Act Now

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
73.5%
CVE-2023-29736 CRITICAL POC Act Now

Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Google Keyboard Themes
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-33963 CRITICAL POC Act Now

DataEase is an open source data visualization and analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-33778 CRITICAL POC Act Now

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Myvigor Vigorswitch Pq2200Xb Firmware Vigorswitch Pq2121X Firmware Vigorswitch P2540Xs Firmware +68
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-29722 CRITICAL POC Act Now

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Glitter Unicorn Wallpaper
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-3029 HIGH POC This Week

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft CSRF Pythagorean Oa Office System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-32310 HIGH POC PATCH This Week

DataEase is an open source data visualization and analysis tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-33552 HIGH POC This Week

Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Erofs Utils
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-33551 HIGH POC This Week

Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Erofs Utils
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-34312 HIGH POC This Week

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qq Tim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-29723 HIGH POC This Week

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Glitter Unicorn Wallpaper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-27640 HIGH POC This Week

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Custom Product Designer
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2023-27639 HIGH POC This Week

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Custom Product Designer
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2023-34092 HIGH POC PATCH This Week

Vite provides frontend tooling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Vite
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-33960 HIGH POC PATCH This Week

OpenProject is web-based project management software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Openproject
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-29748 HIGH POC This Week

Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Story Saver For Instagram Video Downloader
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-29159 HIGH POC PATCH This Week

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Starlette
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-33754 MEDIUM POC This Month

The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Wifi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-32713 CRITICAL Act Now

In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Splunk Splunk App For Stream
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-3028 CRITICAL Act Now

Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hqt401 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-24584 CRITICAL Act Now

Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Controller 6000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-23952 CRITICAL Act Now

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Advanced Secure Gateway Content Analysis
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-32324 MEDIUM POC This Month

OpenPrinting CUPS is an open source printing system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Cups Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2023-33546 MEDIUM POC This Month

Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Janino
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33544 MEDIUM POC This Month

hawtio 2.17.2 is vulnerable to Path Traversal. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hawtio
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33719 MEDIUM POC This Month

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33461 MEDIUM POC This Month

iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Iniparser
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-33764 MEDIUM POC This Month

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component #/de/casting/show/detail/<ID>. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simpleredak
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3035 MEDIUM POC This Month

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Pythagorean Oa Office System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30758 MEDIUM POC PATCH This Month

Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pleasanter
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-32708 HIGH This Week

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Information Disclosure Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33965 HIGH PATCH This Week

Brook is a cross-platform programmable network tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Brook
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-22648 HIGH PATCH This Week

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Rancher
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-28937 HIGH This Week

DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dataspider Servista
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28657 HIGH This Week

Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Conprosys Hmi System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-32714 HIGH This Week

In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Path Traversal Splunk App For Lookup File Editing
NVD
CVSS 3.1
8.1
EPSS
42.8%
CVE-2023-28713 HIGH This Week

Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Conprosys Hmi System
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-23955 HIGH This Week

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Advanced Secure Gateway Content Analysis
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-22647 HIGH PATCH This Week

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Rancher
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-28066 HIGH This Week

Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Os Recovery Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28399 HIGH This Week

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Conprosys Hmi System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-2598 HIGH This Week

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-23953 HIGH This Week

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Advanced Secure Gateway Content Analysis
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32690 HIGH PATCH This Week

libspdm is a sample implementation that follows the DMTF SPDM specifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libspdm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29154 HIGH This Week

SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Conprosys Hmi System
NVD
CVSS 3.1
7.2
EPSS
44.0%
CVE-2023-2977 HIGH PATCH This Week

A vulnerbility was found in OpenSC. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensc Enterprise Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-34091 MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Kyverno
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-32716 MEDIUM This Month

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Denial Of Service Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32706 MEDIUM This Month

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Denial Of Service XXE Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28043 MEDIUM This Month

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Secure Connect Gateway
NVD
CVSS 3.1
6.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy