Skip to main content
CVE-2023-34468 HIGH POC PATCH THREAT Act Now

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Apache Nifi
NVD GitHub
CVSS 3.1
8.8
EPSS
63.6%
CVE-2023-3208 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Roadflow
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33253 HIGH POC This Week

LabCollector 6.0 though 6.15 allows remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Labcollector
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-34488 HIGH POC This Week

NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nanomq
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-34942 HIGH POC This Week

Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Rt N10Lx Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34940 HIGH POC This Week

Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Rt N10Lx Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34105 HIGH POC PATCH This Week

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Command Injection Simple Realtime Server
NVD GitHub
CVSS 3.1
7.5
EPSS
8.8%
CVE-2023-30198 HIGH POC This Week

Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Winbizpayment
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
5.5%
CVE-2023-3206 HIGH POC THREAT This Week

A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vec40G Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
18.7%
CVE-2023-33290 HIGH POC This Week

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Git Url Parse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-26298 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-26297 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-26296 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-28478 HIGH This Week

TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow TP-Link Ec70 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-34343 HIGH This Week

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Denial Of Service Command Injection Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-34336 HIGH This Week

AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-34334 HIGH This Week

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Denial Of Service Command Injection Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-34341 HIGH This Week

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-35035 HIGH This Week

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-35033 HIGH This Week

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-35032 HIGH This Week

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-35031 HIGH This Week

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-26294 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-32221 HIGH This Week

EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Todo Backup
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32219 HIGH This Week

A Mazda model (2015-2016) can be unlocked via an unspecified method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mazda Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1899 HIGH This Week

Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Power Focus 6000 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-1898 HIGH This Week

Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Power Focus 6000 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1897 HIGH This Week

Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Power Focus 6000 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-35053 HIGH This Week

In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Youtrack
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34494 HIGH PATCH This Week

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29385 HIGH This Week

The WP Abstracts plugin for WordPress (versions <= 2.6.2) contains an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability that allows remote attackers to execute malicious JavaScript in users' browsers. With an EPSS score of 0.10% (28th percentile), this vulnerability has relatively low exploitation activity in the wild and is not currently listed in CISA's KEV catalog.

XSS WordPress PHP Wp Abstracts
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy