Skip to main content
CVE-2023-36144 HIGH POC THREAT Act Now

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.7%.

Authentication Bypass Sg 2404 Mr Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
39.7%
Threat
4.2
CVE-2023-36812 CRITICAL POC PATCH THREAT Act Now

OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Opentsdb
NVD GitHub
CVSS 3.1
9.8
EPSS
16.5%
CVE-2023-2834 CRITICAL POC PATCH Act Now

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Bookit
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3490 CRITICAL POC PATCH Act Now

SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Fossbilling
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31543 CRITICAL POC PATCH Act Now

A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pipreqs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37303 CRITICAL POC Act Now

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3473 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Retro Cellphone Online Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-26135 CRITICAL POC Act Now

All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in the flatnest/nest.js file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Flatnest
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-36143 HIGH POC This Week

Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Maxlink 1200G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2023-3491 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Fossbilling
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-33298 HIGH POC This Week

com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Xpc Helpertool
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-37306 HIGH POC PATCH This Week

MISP 2.4.172 mishandles different certificate file extensions in server sync. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Misp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-36347 HIGH POC THREAT This Week

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Codekop
NVD
CVSS 3.1
7.5
EPSS
34.3%
CVE-2023-3478 HIGH POC This Week

A vulnerability classified as critical was found in IBOS OA 4.5.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-3338 MEDIUM POC This Month

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Active Iq Unified Manager +1
NVD
CVSS 3.1
6.5
EPSS
8.1%
CVE-2023-37365 MEDIUM POC PATCH This Month

Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hnswlib
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36810 MEDIUM POC PATCH This Month

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Pypdf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36807 MEDIUM POC PATCH This Month

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Pypdf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-34840 MEDIUM POC This Month

angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Angular Ui Notification
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-35175 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE HP W1A75A Firmware W1A76A Firmware +36
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-37360 MEDIUM POC PATCH This Month

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Pacparser
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37302 MEDIUM POC This Month

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-33276 MEDIUM POC This Month

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Knx Ip Router Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3479 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-3249 CRITICAL PATCH Act Now

The Web3 - Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Web3 Crypto Wallet Login Nft Token Gating
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2908 MEDIUM POC PATCH This Month

A null pointer dereference issue was found in Libtiff's tif_dir.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-36146 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Re170 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-36477 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Ckeditor Integration Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-37304 MEDIUM POC This Month

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37305 MEDIUM POC This Month

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-37301 MEDIUM POC This Month

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-37300 MEDIUM POC This Month

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-2846 CRITICAL Act Now

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx3U 16Mr Es Firmware Fx3U 16Mt Es Firmware Fx3U 16Mt Ess Firmware Fx3U 32Mr Es Firmware +146
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2023-35176 HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service HP W1A75A Firmware W1A76A Firmware +36
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-35178 HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP W1A75A Firmware W1A76A Firmware W1A77A Firmware +35
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-35177 HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption HP Buffer Overflow W1A75A Firmware W1A76A Firmware +36
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-3063 HIGH PATCH This Week

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Sp Project Document Manager
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-22816 HIGH This Week

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection My Cloud Os
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-3469 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-35947 HIGH PATCH This Week

Gradle is a build tool with a focus on build automation and support for multi-language development. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Gradle
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-32613 HIGH PATCH This Week

Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-3493 HIGH PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fossbilling
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2023-29145 HIGH This Week

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Endpoint Detection And Response Malwarebytes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-36539 HIGH This Week

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms Video Software Development Kit Zoom +5
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32622 HIGH PATCH This Week

Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-32621 HIGH PATCH This Week

WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-32612 HIGH PATCH This Week

Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-29241 HIGH This Week

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Building Integration System
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-27469 HIGH This Week

Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Anti Exploit
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-26299 HIGH PATCH This Week

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. Rated high severity (CVSS 7.0).

RCE HP 260 G4 Desktop Mini Firmware T430 Firmware T628 Firmware +56
NVD
CVSS 3.1
7.0
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy