Skip to main content
CVE-2023-25434 HIGH POC This Week

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libtiff
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3236 HIGH POC This Week

A vulnerability classified as critical has been found in mccms up to 2.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3235 HIGH POC This Week

A vulnerability was found in mccms up to 2.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3233 HIGH POC This Week

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Crmeb
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-33131 HIGH POC PATCH This Week

Microsoft Outlook Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Microsoft Office Office Long Term Servicing Channel +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.7%
CVE-2023-33137 HIGH POC PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Office Office Online Server
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.7%
CVE-2023-30082 HIGH POC This Week

A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Osticket
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25369 HIGH POC This Week

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sds1204X E Firmware Sds1104X E Firmware Sds1074X E Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-25368 HIGH POC This Week

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sds1204X E Firmware Sds1104X E Firmware Sds1074X E Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34868 HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34867 HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35110 HIGH POC This Week

An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Jjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34878 HIGH POC This Week

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ujcms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34624 HIGH POC PATCH This Week

An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Htmlcleaner
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-34623 HIGH POC This Week

An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Jtidy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34620 HIGH POC PATCH This Week

An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Hjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34617 HIGH POC This Week

An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Genson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34616 HIGH POC This Week

An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Pbjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34615 HIGH POC This Week

An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Jsonutil
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34614 HIGH POC This Week

An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Jsonij
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34613 HIGH POC This Week

An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Sojo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34612 HIGH POC This Week

An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Ph Json
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34611 HIGH POC This Week

An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Mjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34610 HIGH POC PATCH This Week

An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Json Io
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34609 HIGH POC This Week

An issue was discovered flexjson thru 3.3 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Flexjson
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-3241 HIGH POC This Week

A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-3239 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-34000 HIGH POC This Week

Unauth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Stripe Payment Gateway
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-3230 HIGH POC PATCH This Week

Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fossbilling
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34448 HIGH POC PATCH This Week

Grav is a flat-file content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Grav
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2023-34253 HIGH POC PATCH This Week

Grav is a flat-file content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Grav
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2023-34252 HIGH POC PATCH This Week

Grav is a flat-file content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Grav
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2023-34251 HIGH POC PATCH This Week

Grav is a flat-file content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection PHP Grav
NVD GitHub
CVSS 3.1
7.2
EPSS
2.3%
CVE-2023-32031 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.8
EPSS
81.8%
CVE-2023-32465 HIGH This Week

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Powerprotect Cyber Recovery
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-32009 HIGH PATCH This Week

Windows Collaborative Translation Framework Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 21h2 +6
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-29373 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-29372 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-29362 HIGH This Week

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Remote Desktop Client Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-29360 HIGH KEV PATCH THREAT This Week

Microsoft Streaming Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +6
NVD
CVSS 3.1
8.4
EPSS
22.1%
CVE-2023-35142 HIGH PATCH This Week

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Checkmarx
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-29351 HIGH PATCH This Week

Windows Group Policy Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2023-28310 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
25.0%
CVE-2023-35141 HIGH PATCH This Week

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins CSRF
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2023-26062 HIGH This Week

A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nokia Web Element Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0009 HIGH This Week

A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Microsoft Globalprotect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-29326 HIGH PATCH This Week

.NET Framework Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Net Framework
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-24897 HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Net Framework Net +4
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-24895 HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Net Framework Net Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-3001 HIGH This Week

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Igss Dashboard
NVD
CVSS 3.1
7.8
EPSS
31.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy