Skip to main content
CVE-2023-32522 HIGH POC PATCH This Week

A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Trend Micro Mobile Security
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2023-34463 HIGH POC This Week

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-25307 HIGH POC PATCH This Week

nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mrpack Install
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-36631 HIGH POC This Week

Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Binisoft Windows Firewall Control
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-35695 HIGH POC PATCH This Week

A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trend Micro Mobile Security
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-35933 HIGH POC PATCH This Week

OPenFGA is an open source authorization/permission engine built for developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Openfga
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25306 HIGH POC This Week

MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Multimc
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-3398 HIGH POC PATCH This Week

Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-32530 HIGH PATCH This Week

Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro SQLi Apex Central
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-32529 HIGH PATCH This Week

Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro SQLi Apex Central
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-32528 HIGH PATCH This Week

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Trend Micro Mobile Security
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2023-32527 HIGH PATCH This Week

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Trend Micro Mobile Security
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2023-32524 HIGH PATCH This Week

Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Mobile Security
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-32523 HIGH PATCH This Week

Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Mobile Security
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-3422 HIGH This Week

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3421 HIGH This Week

Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-3420 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
56.2%
CVE-2023-36252 HIGH This Week

An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via a the session expiration function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Flamingo Xl Firmware Flamingo Xs Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2005 HIGH This Week

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nessus Securitycenter Tenable Io
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-34418 HIGH This Week

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Xclarity Administrator
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-34148 HIGH PATCH This Week

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34147 HIGH PATCH This Week

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34146 HIGH PATCH This Week

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34145 HIGH PATCH This Week

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34144 HIGH PATCH This Week

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28929 HIGH This Week

Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Antivirus Security 2021 Internet Security 2021 Maximum Security 2021 +9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34924 HIGH This Week

H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1Stw Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-3113 HIGH This Week

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Xclarity Administrator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2992 HIGH This Week

An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nextscale N1200 Enclosure Firmware Thinkagile Cp Cb 10 Firmware Thinkagile Cp Cb 10E Firmware Thinkagile Hx Enclosure Certified Node Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36301 HIGH This Week

Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Data Catalog
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-1150 HIGH This Week

Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 750 363 040 000 Firmware 750 362 040 000 Firmware 750 362 000 001 Firmware 750 891 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34420 HIGH This Week

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Xclarity Administrator
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-32555 HIGH PATCH This Week

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.0).

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-32554 HIGH PATCH This Week

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.0).

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy