Skip to main content
CVE-2023-3033 HIGH POC This Week

Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.7.22. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Mobatime Web Application
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-3032 HIGH POC This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.7.22. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mobatime Web Application
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27745 HIGH POC This Week

An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Titan Ftp Server Nextgen
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25734 HIGH POC This Week

After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Microsoft Open Redirect Firefox Firefox Esr +1
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-29724 HIGH POC This Week

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Bt21 X Bts Wallpaper
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27744 HIGH POC This Week

An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Code Injection Titan Ftp Server Nextgen
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-33672 HIGH POC This Week

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2201 HIGH This Week

The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.8 due to insufficient escaping on the user supplied parameter and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Web Directory Free
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-32215 HIGH This Week

Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32213 HIGH This Week

When reading a file, an uninitialized value could have been used as read limit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32207 HIGH This Week

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29551 HIGH This Week

Memory safety bugs present in Firefox 111. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Mozilla Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-29550 HIGH This Week

Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Google Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29543 HIGH This Week

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Use After Free Mozilla Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-29541 HIGH This Week

Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29539 HIGH This Week

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Null Pointer Dereference Google Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29536 HIGH This Week

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Use After Free Mozilla Memory Corruption +4
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28177 HIGH This Week

Memory safety bugs present in Firefox 110. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-28176 HIGH This Week

Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28162 HIGH This Week

While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28161 HIGH This Week

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-25746 HIGH This Week

Memory safety bugs present in Firefox ESR 102.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25745 HIGH This Week

Memory safety bugs present in Firefox 109. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25744 HIGH This Week

Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25740 HIGH This Week

After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25739 HIGH This Week

Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25737 HIGH This Week

An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25735 HIGH This Week

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25732 HIGH This Week

When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25731 HIGH This Week

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-25729 HIGH This Week

Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-23606 HIGH This Week

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-23605 HIGH This Week

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0767 HIGH This Week

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28704 HIGH This Week

Furbo dog camera has insufficient filtering for special parameter of device log management function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dog Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-28702 HIGH This Week

ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-28699 HIGH This Week

Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Fantasy
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1297 HIGH PATCH This Week

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HashiCorp Consul
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29537 HIGH This Week

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Mozilla Google Firefox +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-25743 HIGH This Week

A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Authentication Bypass Firefox Focus
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30602 HIGH This Week

Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coda 5310 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2061 HIGH This Week

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware Sw1Dnn Eipctfx5 Bd Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2060 HIGH This Week

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-2063 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Information Disclosure Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware +1
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2023-28703 HIGH This Week

ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Rt Ac86U Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy