Skip to main content
CVE-2023-33404 CRITICAL POC THREAT Act Now

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Blogengine Net
NVD GitHub
CVSS 3.1
9.8
EPSS
25.8%
CVE-2023-30261 CRITICAL POC PATCH THREAT Act Now

Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Openwb
NVD GitHub
CVSS 3.1
9.8
EPSS
31.7%
CVE-2023-32521 CRITICAL POC PATCH THREAT Act Now

A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Trend Micro Mobile Security
NVD
CVSS 3.1
9.1
EPSS
68.9%
CVE-2023-32522 HIGH POC PATCH This Week

A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Trend Micro Mobile Security
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2023-34463 HIGH POC This Week

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-25307 HIGH POC PATCH This Week

nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mrpack Install
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-36631 HIGH POC This Week

Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Binisoft Windows Firewall Control
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-35695 HIGH POC PATCH This Week

A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trend Micro Mobile Security
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-35933 HIGH POC PATCH This Week

OPenFGA is an open source authorization/permission engine built for developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Openfga
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25306 HIGH POC This Week

MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Multimc
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-3398 HIGH POC PATCH This Week

Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-35164 MEDIUM POC This Month

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-35168 MEDIUM POC This Month

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-36675 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-30945 CRITICAL Act Now

Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Clips2 Video Clip Distributor Video History Service
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32557 CRITICAL PATCH Act Now

A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Trend Micro Apex One
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28485 MEDIUM POC This Month

A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wekan
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-32530 HIGH PATCH This Week

Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro SQLi Apex Central
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-32529 HIGH PATCH This Week

Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro SQLi Apex Central
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-32528 HIGH PATCH This Week

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Trend Micro Mobile Security
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2023-32527 HIGH PATCH This Week

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Trend Micro Mobile Security
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2023-32524 HIGH PATCH This Week

Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Mobile Security
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-32523 HIGH PATCH This Week

Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Mobile Security
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-3422 HIGH This Week

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3421 HIGH This Week

Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-3420 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
56.2%
CVE-2023-36252 HIGH This Week

An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via a the session expiration function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Flamingo Xl Firmware Flamingo Xs Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2005 HIGH This Week

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nessus Securitycenter Tenable Io
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-33580 MEDIUM POC This Month

Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Student Study Center Management System
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
3.7%
CVE-2023-34418 HIGH This Week

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Xclarity Administrator
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-34148 HIGH PATCH This Week

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34147 HIGH PATCH This Week

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34146 HIGH PATCH This Week

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34145 HIGH PATCH This Week

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34144 HIGH PATCH This Week

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28929 HIGH This Week

Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Antivirus Security 2021 Internet Security 2021 Maximum Security 2021 +9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34924 HIGH This Week

H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1Stw Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-3113 HIGH This Week

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Xclarity Administrator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2992 HIGH This Week

An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nextscale N1200 Enclosure Firmware Thinkagile Cp Cb 10 Firmware Thinkagile Cp Cb 10E Firmware Thinkagile Hx Enclosure Certified Node Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36301 HIGH This Week

Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Data Catalog
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-1150 HIGH This Week

Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 750 363 040 000 Firmware 750 362 040 000 Firmware 750 362 000 001 Firmware 750 891 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34420 HIGH This Week

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Xclarity Administrator
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-32555 HIGH PATCH This Week

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.0).

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-32554 HIGH PATCH This Week

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.0).

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-2290 MEDIUM This Month

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Thinkpad E14 Firmware Thinkpad E14 Gen 2 Firmware +83
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32526 MEDIUM PATCH This Month

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Trend Micro Mobile Security
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-32525 MEDIUM PATCH This Month

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Trend Micro Mobile Security
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-34422 MEDIUM This Month

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-34421 MEDIUM This Month

A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33176 MEDIUM PATCH This Month

BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Bigbluebutton
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy