Skip to main content
CVE-2023-3304 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Admidio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35163 MEDIUM POC PATCH This Month

Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vega
NVD GitHub
CVSS 3.1
5.2
EPSS
0.5%
CVE-2023-35172 CRITICAL Act Now

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-35928 HIGH This Week

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-34203 HIGH This Week

In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Openedge Openedge Explorer Openedge Management
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-32439 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Safari Ipados +3
NVD
CVSS 3.1
8.8
EPSS
23.8%
CVE-2023-32435 HIGH KEV THREAT This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Safari +3
NVD
CVSS 3.1
8.8
EPSS
23.0%
CVE-2023-32373 HIGH KEV THREAT This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Safari +7
NVD
CVSS 3.1
8.8
EPSS
12.2%
CVE-2023-35152 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-35048 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Booking Rental Manager
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31469 HIGH PATCH This Week

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Streampipes
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-32414 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-32409 HIGH KEV THREAT This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.6
EPSS
16.5%
CVE-2023-35931 MEDIUM POC PATCH This Month

Shescape is a simple shell escape library for JavaScript. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Shescape
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-34466 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-35927 HIGH This Week

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-35801 HIGH This Week

A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fme Server
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2023-27908 HIGH This Week

A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Installer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25003 HIGH This Week

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Alias Autocad +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32434 HIGH KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.8
EPSS
51.5%
CVE-2023-32405 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32398 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32384 HIGH This Week

A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32380 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32353 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Itunes
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-32351 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Itunes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27930 HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-23539 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-23516 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28073 HIGH This Week

Dell BIOS contains an improper authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Precision 3570 Firmware Latitude 5530 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25515 HIGH This Week

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Denial Of Service RCE Microsoft Information Disclosure +3
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-34188 HIGH PATCH This Week

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mongoose
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-32397 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple Ipados Iphone Os +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-35151 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3303 LOW POC PATCH Monitor

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Admidio
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2023-32463 HIGH This Week

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Vxrail D560 Firmware Vxrail D560F Firmware Vxrail E460 Firmware +42
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33141 HIGH PATCH This Week

Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Yet Another Reverse Proxy
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-28065 HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Dell Microsoft Alienware Update Command Update +1
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-34254 HIGH PATCH This Week

The GLPI Agent is a generic management agent. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Glpi Agent
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-3317 HIGH This Week

A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mediatek Linux Memory Corruption +1
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-32420 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-32357 HIGH This Week

An authorization issue was addressed with improved state management. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-28071 HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Dell Microsoft Alienware Update Command Update +1
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-32413 HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-25518 MEDIUM This Month

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Denial Of Service Jetson Linux
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-32480 MEDIUM This Month

Dell BIOS contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dell Alienware M15 R7 Firmware G15 5510 Firmware G15 5520 Firmware +28
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-28060 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +431
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28058 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +431
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28050 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +431
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28044 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +431
NVD
CVSS 3.1
6.7
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy