Skip to main content
CVE-2023-34671 HIGH POC This Week

Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Etg150 Fm Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-34672 HIGH POC This Week

Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etg150 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-35932 HIGH POC This Week

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection Jcvi
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-35165 HIGH POC PATCH This Week

AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Aws Cloud Development Kit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36348 HIGH POC This Week

POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Codekop
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
6.4%
CVE-2023-36345 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Codekop
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-36274 HIGH POC PATCH This Week

LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36273 HIGH POC This Week

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-36272 HIGH POC PATCH This Week

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36271 HIGH POC PATCH This Week

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-30260 HIGH POC PATCH This Week

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-34465 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-35150 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
77.7%
CVE-2023-3302 HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Admidio
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-36193 HIGH POC This Week

Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gifsicle
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-36192 HIGH POC This Week

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Sngrep
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1783 HIGH POC This Week

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Orangescrum
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2023-34467 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-36284 HIGH POC This Week

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Qloapps
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-30362 HIGH POC PATCH This Week

Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcoap
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29860 HIGH POC This Week

An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Taier
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3393 HIGH POC PATCH This Week

Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Fossbilling
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-35928 HIGH This Week

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-34203 HIGH This Week

In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Openedge Openedge Explorer Openedge Management
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-32439 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Safari Ipados +3
NVD
CVSS 3.1
8.8
EPSS
23.8%
CVE-2023-32435 HIGH KEV THREAT This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Safari +3
NVD
CVSS 3.1
8.8
EPSS
23.0%
CVE-2023-32373 HIGH KEV THREAT This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Safari +7
NVD
CVSS 3.1
8.8
EPSS
12.2%
CVE-2023-35152 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-31469 HIGH PATCH This Week

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Streampipes
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-32414 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-32409 HIGH KEV THREAT This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.6
EPSS
16.5%
CVE-2023-35927 HIGH This Week

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-35801 HIGH This Week

A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fme Server
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2023-27908 HIGH This Week

A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Installer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25003 HIGH This Week

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Alias Autocad +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32434 HIGH KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.8
EPSS
51.5%
CVE-2023-32405 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32398 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32384 HIGH This Week

A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32380 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32353 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Itunes
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-32351 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Itunes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27930 HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-23539 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-23516 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28073 HIGH This Week

Dell BIOS contains an improper authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Precision 3570 Firmware Latitude 5530 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25515 HIGH This Week

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Denial Of Service RCE Microsoft Information Disclosure +3
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-34188 HIGH PATCH This Week

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mongoose
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-32397 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple Ipados Iphone Os +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-35151 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy