Skip to main content
CVE-2023-36470 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-36469 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
82.4%
CVE-2023-36468 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-34656 HIGH POC This Week

An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru 4.1 allows attackers to gain escalated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Session Fixation Video Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33277 HIGH POC This Week

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Knx Ip Router Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-34843 HIGH POC This Week

Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Traggo
NVD GitHub
CVSS 3.1
7.5
EPSS
7.2%
CVE-2023-31222 HIGH This Week

Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Deserialization Paceart Optima
NVD
CVSS 3.1
8.8
EPSS
28.3%
CVE-2023-33466 HIGH This Week

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Orthanc
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2023-22886 HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Apache Airflow Providers Jdbc
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-26085 HIGH This Week

A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Nn Android Neural Networks Driver
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3447 HIGH PATCH This Week

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure WordPress LDAP Code Injection Active Directory Integration Ldap Integration
NVD VulDB
CVSS 3.1
7.6
EPSS
0.6%
CVE-2023-32610 HIGH This Week

Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mailform Pro Cgi
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-35938 HIGH PATCH This Week

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-37237 HIGH This Week

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netbackup Appliance
NVD
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy