Skip to main content
CVE-2023-36258 CRITICAL POC PATCH Act Now

An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-26258 CRITICAL POC THREAT Act Now

Arcserve UDP through 9.0.6034 allows authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
CVSS 3.1
9.8
EPSS
37.7%
CVE-2023-36162 HIGH POC This Week

Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Zzcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-34451 HIGH POC PATCH This Week

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cometbft
NVD GitHub
CVSS 3.1
8.2
EPSS
0.9%
CVE-2023-36183 HIGH POC This Week

Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Openimageio
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-36819 MEDIUM POC This Month

Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Knowage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-36816 MEDIUM POC This Month

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Docker 2fauth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-35797 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Authentication Bypass Apache Airflow Providers Apache Hive
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-36223 MEDIUM POC This Month

Cross Site Scripting vulnerability in mlogclub bbs-go v. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Bbs Go
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-36222 MEDIUM POC This Month

Cross Site Scripting vulnerability in mlogclub bbs-go v. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Bbs Go
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-34450 MEDIUM POC PATCH This Month

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nginx Cometbft
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-36817 CRITICAL Act Now

`tktchurch/website` contains the codebase for The King's Temple Church website. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure The King S Temple Church Website
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-3314 HIGH This Week

A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Security Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36815 HIGH This Week

Sealos is a Cloud Operating System designed for managing cloud-native applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sealos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-36377 HIGH This Week

Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Osslsigncode
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3438 HIGH PATCH This Week

An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Microsoft Move
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3313 HIGH This Week

An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Enterprise Security Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-36814 HIGH PATCH This Week

Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Products Cmfcore
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26509 HIGH This Week

AnyDesk 7.0.8 allows remote Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Anydesk
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-36053 HIGH PATCH This Week

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2023-36609 HIGH This Week

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-3395 MEDIUM This Month

​All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36611 MEDIUM This Month

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2728 MEDIUM PATCH This Month

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2023-2727 MEDIUM PATCH This Month

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-36608 MEDIUM This Month

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-36291 MEDIUM This Month

Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Maxsite Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36610 MEDIUM This Month

​The affected TBox RTUs generate software security tokens using insufficient entropy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-37378 MEDIUM PATCH This Month

Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nullsoft Scriptable Install System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-3497 MEDIUM This Month

Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Google Chrome
NVD
CVSS 3.1
4.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy