Skip to main content
CVE-2023-3274 HIGH POC This Week

A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Supplier Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-33243 HIGH POC This Week

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Starface
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
4.4%
CVE-2023-34455 HIGH POC PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-34453 HIGH POC PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Java Denial Of Service Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-3276 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Hutool
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-21127 HIGH PATCH This Week

In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Buffer Overflow RCE Google Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-21115 HIGH This Week

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-21108 HIGH PATCH This Week

In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Google Use After Free RCE +2
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27634 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF Intrepidity
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25055 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Google Xml Sitemap For Videos
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25450 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Givewp
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23802 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Ht Easy Ga4 Google Analytics 4
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25449 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cformsii
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35030 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE CSRF Dxp Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-24032 HIGH PATCH This Week

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Privilege Escalation Command Injection Collaboration
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-29321 HIGH This Week

Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21618 HIGH This Week

Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21139 HIGH PATCH This Week

In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21138 HIGH PATCH This Week

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21135 HIGH PATCH This Week

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21131 HIGH PATCH This Week

In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21129 HIGH This Week

In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21128 HIGH PATCH This Week

In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21126 HIGH PATCH This Week

In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21124 HIGH PATCH This Week

In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Privilege Escalation Google Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21123 HIGH This Week

In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21122 HIGH This Week

In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21121 HIGH This Week

In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21120 HIGH This Week

In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-2847 HIGH This Week

During internal security analysis, a local privilege escalation vulnerability has been identified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Cyber Security Endpoint Antivirus Server Security
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-2270 HIGH This Week

The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Netskope
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28175 HIGH This Week

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Video Management System Video Management System Viewer Divar Ip 3000 Firmware Divar Ip 6000 Firmware +5
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2023-23841 HIGH This Week

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28809 HIGH This Week

Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ds K1T320Efwx Firmware Ds K1T320Efx Firmware Ds K1T320Ewx Firmware Ds K1T320Ex Firmware +22
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22248 HIGH PATCH This Week

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Magento
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-21144 HIGH PATCH This Week

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Google Android
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34454 HIGH PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Java Buffer Overflow Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-25683 HIGH This Week

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Powervm Hypervisor
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29297 HIGH PATCH This Week

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Ssti Commerce Magento
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-21101 HIGH This Week

In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Denial Of Service Google Android
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy