Skip to main content
CVE-2023-30625 HIGH POC PATCH THREAT Act Now

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE SQLi Rudder Server
NVD GitHub
CVSS 3.1
8.8
EPSS
85.8%
CVE-2023-34832 CRITICAL POC Act Now

TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Buffer Overflow Archer Ax10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-34659 CRITICAL POC THREAT Act Now

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
12.5%
CVE-2023-34548 CRITICAL POC Act Now

Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-35708 CRITICAL POC PATCH THREAT Act Now

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass SQLi Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
96.7%
CVE-2023-35788 HIGH POC PATCH This Week

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Privilege Escalation Linux Memory Corruption +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-34795 HIGH POC PATCH This Week

xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Xlsxio
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34645 HIGH POC This Week

jfinal CMS 5.1.0 has an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Jfinal Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-30223 HIGH POC This Week

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-30222 HIGH POC This Week

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-24243 HIGH POC This Week

CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Arc
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2023-25187 HIGH POC This Week

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Nokia Authentication Bypass Asika Airscale Firmware
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
1.0%
CVE-2023-34733 MEDIUM POC This Month

A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Discover Media Infotainment System
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-34660 MEDIUM POC This Month

jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jeecg Boot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-3294 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS React Storefront
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-35784 CRITICAL PATCH Act Now

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Libressl Openbsd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25366 CRITICAL Act Now

In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sds 1104X E Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-35782 CRITICAL PATCH Act Now

The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Ipandlanguageredirect
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-32754 CRITICAL Act Now

Thinking Software Efence login function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Efence
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32753 CRITICAL Act Now

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-32752 CRITICAL Act Now

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Instantqos Instantscan
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33438 MEDIUM POC This Month

A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teammate
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3195 MEDIUM POC PATCH This Month

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Denial Of Service Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-34845 MEDIUM POC This Month

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bludit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-26527 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Debug Assistant
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3293 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-34154 HIGH This Week

Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Huawei Harmonyos
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-30905 HIGH This Week

The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sgi Uv 300 Rmc Firmware Integrity Mc990 X Server Rmc Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25188 HIGH This Week

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nokia Asika Airscale Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25185 HIGH This Week

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nokia Asika Airscale Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32028 HIGH PATCH This Week

Microsoft SQL OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Ole Db Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-32027 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Odbc Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-32026 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Odbc Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-32025 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Odbc Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-29356 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Odbc Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-29349 HIGH PATCH This Week

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Odbc Driver For Sql Server Ole Db Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-25645 HIGH This Week

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zte Up T2 4K Firmware Zxv10 B866V2 H Firmware Zxv10 B866V2 Firmware +2
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2023-35790 HIGH PATCH This Week

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libjxl
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3291 LOW POC PATCH Monitor

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2023-3268 HIGH PATCH This Week

An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-20885 MEDIUM This Month

Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Nfs Volume Cloud Foundry Notifications Cloud Foundry Smb Volume
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33307 MEDIUM This Month

A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortinet Null Pointer Dereference Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33306 MEDIUM This Month

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortinet Null Pointer Dereference Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-2831 MEDIUM This Month

Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2797 MEDIUM This Month

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2793 MEDIUM This Month

Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2792 MEDIUM This Month

Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2788 MEDIUM This Month

Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2787 MEDIUM This Month

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2784 MEDIUM This Month

Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy