Skip to main content
CVE-2023-36661 HIGH POC Act Now

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Xmltooling Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2023-36630 HIGH POC This Week

In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Authentication Bypass Cloudpanel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36632 HIGH POC This Week

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-36612 HIGH POC This Week

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Google Basecamp
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-3396 MEDIUM POC This Month

A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Retro Cellphone Online Store
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36660 CRITICAL PATCH Act Now

The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Nettle
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-36663 HIGH PATCH This Week

it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Openitcockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-36664 HIGH This Week

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ghostscript Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2023-36666 MEDIUM PATCH This Month

INEX IXP-Manager before 6.3.1 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Ixp Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy