Skip to main content
CVE-2023-33817 HIGH POC This Week

hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hoteldruid
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-33568 HIGH POC PATCH THREAT This Week

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
7.5
EPSS
14.9%
CVE-2023-30179 HIGH POC This Week

CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2023-33695 HIGH POC PATCH This Week

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hutool
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-3217 HIGH This Week

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
13.3%
CVE-2023-3216 HIGH This Week

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-3215 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
13.8%
CVE-2023-3214 HIGH This Week

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-34121 HIGH This Week

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Microsoft Rooms Zoom +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-30901 HIGH PATCH This Week

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Q200 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-28829 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Simatic Net Pc Software Simatic Pcs 7 Simatic Wincc +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25910 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Simatic Pcs 7 Simatic S7 Pm Simatic Step 7
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-2637 HIGH This Week

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rockwell Factorytalk Policy Manager Factorytalk System Services
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-33991 HIGH This Week

SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Ui
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-24546 HIGH This Week

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cloudvision Portal
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-32548 HIGH This Week

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Microsoft Wps Office
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-0142 HIGH This Week

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager Unified Controller Router Manager Diskstation Manager
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-34120 HIGH This Week

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Microsoft Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-29167 HIGH This Week

Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Frenic Rhc Loader
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-29160 HIGH This Week

Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Frenic Rhc Loader
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33124 HIGH PATCH This Week

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33123 HIGH PATCH This Week

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30897 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Wincc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28000 HIGH This Week

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortiadc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26210 HIGH This Week

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] vulnerability in Fortinet allows a local authenticated attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiadc Fortiadc Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-22639 HIGH This Week

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fortinet Privilege Escalation Fortiproxy +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28602 HIGH This Week

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Microsoft Zoom
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2023-2778 HIGH This Week

A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Factorytalk Transaction Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-1707 HIGH This Week

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Futuresmart 5
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31196 HIGH This Week

Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ac Pd Wapu Firmware Ac Pd Wapum Firmware Ac Pd Wapu P Firmware Ac Pd Wapum P Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-22633 HIGH This Week

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Fortinac Fortinac F
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2729 HIGH This Week

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager Unified Controller Router Manager Diskstation Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31198 HIGH This Week

OS command injection vulnerability exists in Wi-Fi AP UNIT allows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ac Pd Wapu Firmware Ac Pd Wapum Firmware Ac Pd Wapu P Firmware Ac Pd Wapum P Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-33919 HIGH PATCH This Week

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Cpci85 Firmware
NVD
CVSS 3.1
7.2
EPSS
47.7%
CVE-2023-28603 HIGH This Week

Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy