Skip to main content
CVE-2023-32707 HIGH POC THREAT Act Now

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
73.5%
CVE-2023-3029 HIGH POC This Week

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft CSRF Pythagorean Oa Office System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-32310 HIGH POC PATCH This Week

DataEase is an open source data visualization and analysis tool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-33552 HIGH POC This Week

Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Erofs Utils
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-33551 HIGH POC This Week

Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Erofs Utils
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-34312 HIGH POC This Week

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qq Tim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-29723 HIGH POC This Week

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Glitter Unicorn Wallpaper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-27640 HIGH POC This Week

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Custom Product Designer
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2023-27639 HIGH POC This Week

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Custom Product Designer
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2023-34092 HIGH POC PATCH This Week

Vite provides frontend tooling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Vite
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-33960 HIGH POC PATCH This Week

OpenProject is web-based project management software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Openproject
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-29748 HIGH POC This Week

Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Story Saver For Instagram Video Downloader
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-29159 HIGH POC PATCH This Week

Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Starlette
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-32708 HIGH This Week

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Information Disclosure Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33965 HIGH PATCH This Week

Brook is a cross-platform programmable network tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Brook
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-22648 HIGH PATCH This Week

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Rancher
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-28937 HIGH This Week

DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dataspider Servista
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28657 HIGH This Week

Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Conprosys Hmi System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-32714 HIGH This Week

In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Path Traversal Splunk App For Lookup File Editing
NVD
CVSS 3.1
8.1
EPSS
42.8%
CVE-2023-28713 HIGH This Week

Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Conprosys Hmi System
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-23955 HIGH This Week

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Advanced Secure Gateway Content Analysis
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-22647 HIGH PATCH This Week

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Rancher
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-28066 HIGH This Week

Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Os Recovery Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28399 HIGH This Week

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Conprosys Hmi System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-2598 HIGH This Week

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-23953 HIGH This Week

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Advanced Secure Gateway Content Analysis
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32690 HIGH PATCH This Week

libspdm is a sample implementation that follows the DMTF SPDM specifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libspdm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29154 HIGH This Week

SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Conprosys Hmi System
NVD
CVSS 3.1
7.2
EPSS
44.0%
CVE-2023-2977 HIGH PATCH This Week

A vulnerbility was found in OpenSC. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensc Enterprise Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy