Skip to main content
CVE-2023-34102 HIGH POC PATCH This Week

Avo is an open source ruby on rails admin panel creation framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Avo
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-3079 HIGH POC KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Google Chrome Fedora +4
NVD
CVSS 3.1
8.8
EPSS
32.7%
CVE-2023-34097 HIGH POC PATCH This Week

hoppscotch is an open source API development ecosystem. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Hoppscotch
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33410 HIGH POC This Week

Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Minical
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-3066 HIGH POC This Week

Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administrators3.20. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amxgt 100
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-33733 HIGH POC PATCH This Week

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Reportlab
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-3098 HIGH POC This Week

A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Youker Assistant
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-3097 HIGH POC This Week

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Kylin Software Properties
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-3096 HIGH POC This Week

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kylin Software Properties
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34411 HIGH POC PATCH This Week

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service XXE Xml Library
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-34407 HIGH POC This Week

OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Office Player
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-0900 HIGH POC This Week

The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Pricing Table Builder
NVD WPScan
CVSS 3.1
7.2
EPSS
3.2%
CVE-2023-3099 HIGH POC This Week

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Youker Assistant
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-32217 HIGH This Week

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Identityiq
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0041 HIGH PATCH This Week

IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Guardium
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3027 HIGH This Week

The grc-policy-propagator allows security escalation within the cluster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Advanced Cluster Management For Kubernetes
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3111 HIGH This Week

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29344 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-27285 HIGH PATCH This Week

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE IBM Aspera Cargo Aspera Connect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24510 HIGH This Week

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31893 HIGH This Week

Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Brasil Vivo Play Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22862 HIGH PATCH This Week

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Cargo Aspera Connect
NVD
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy