Skip to main content
CVE-2023-36661 HIGH POC Act Now

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Xmltooling Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2023-36630 HIGH POC This Week

In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Upload Authentication Bypass Cloudpanel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36632 HIGH POC This Week

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-36612 HIGH POC This Week

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Google Basecamp
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-36663 HIGH PATCH This Week

it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Openitcockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-36664 HIGH This Week

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ghostscript Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy