Skip to main content
CVE-2023-36144 HIGH POC THREAT Act Now

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.7%.

Authentication Bypass Sg 2404 Mr Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
39.7%
Threat
4.2
CVE-2023-36143 HIGH POC This Week

Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Maxlink 1200G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2023-3491 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Fossbilling
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-33298 HIGH POC This Week

com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Command Injection Xpc Helpertool
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-37306 HIGH POC PATCH This Week

MISP 2.4.172 mishandles different certificate file extensions in server sync. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Misp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-36347 HIGH POC THREAT This Week

A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Codekop
NVD
CVSS 3.1
7.5
EPSS
34.3%
CVE-2023-3478 HIGH POC This Week

A vulnerability classified as critical was found in IBOS OA 4.5.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-35176 HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service HP W1A75A Firmware W1A76A Firmware +36
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-35178 HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP W1A75A Firmware W1A76A Firmware W1A77A Firmware +35
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-35177 HIGH This Week

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption HP Buffer Overflow W1A75A Firmware W1A76A Firmware +36
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-3063 HIGH PATCH This Week

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Sp Project Document Manager
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-22816 HIGH This Week

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection My Cloud Os
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-35947 HIGH PATCH This Week

Gradle is a build tool with a focus on build automation and support for multi-language development. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Gradle
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-32613 HIGH PATCH This Week

Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-3493 HIGH PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fossbilling
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2023-29145 HIGH This Week

The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Endpoint Detection And Response Malwarebytes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-36539 HIGH This Week

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms Video Software Development Kit Zoom +5
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32622 HIGH PATCH This Week

Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-32621 HIGH PATCH This Week

WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-32612 HIGH PATCH This Week

Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-29241 HIGH This Week

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Building Integration System
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-27469 HIGH This Week

Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Anti Exploit
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-26299 HIGH PATCH This Week

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. Rated high severity (CVSS 7.0).

RCE HP 260 G4 Desktop Mini Firmware T430 Firmware T628 Firmware +56
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy