Skip to main content
CVE-2023-31999 HIGH POC PATCH This Week

All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Oauth2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3503 HIGH POC This Week

A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Shopping Website
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1273 HIGH POC This Week

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Nd Shortcodes
NVD WPScan
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22906 HIGH POC This Week

Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Qubo Hcd01 Firmware Qubo Hcd02 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3502 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3133 HIGH POC This Week

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Tutor Lms
NVD WPScan
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-2974 HIGH PATCH This Week

A vulnerability was found in quarkus-core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Build Of Quarkus
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-28542 HIGH PATCH This Week

Memory Corruption in WLAN HOST while fetching TX status information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow 315 5g Iot Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +179
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28541 HIGH PATCH This Week

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Aqt1000 Firmware Ar8031 Firmware Ar9380 Firmware C V2x 9150 Firmware +194
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24854 HIGH PATCH This Week

Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Stack Overflow Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +155
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24851 HIGH PATCH This Week

Memory Corruption in WLAN HOST while parsing QMI response message from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Csra6620 Firmware Csra6640 Firmware +182
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22667 HIGH This Week

Memory Corruption in Audio while allocating the ion buffer during the music playback. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Firmware Apq8017 Firmware Aqt1000 Firmware +197
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22387 HIGH PATCH This Week

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow 315 5g Iot Firmware Apq8017 Firmware Aqt1000 Firmware +263
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22386 HIGH PATCH This Week

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Csra6620 Firmware Csra6640 Firmware +192
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21672 HIGH PATCH This Week

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6700 Firmware Fastconnect 6900 Firmware +54
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21641 HIGH PATCH This Week

An app with non-privileged access can change global system brightness and cause undesired system behavior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6574au Firmware Qca6696 Firmware +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21640 HIGH This Week

Memory corruption in Linux when the file upload API is called with parameters having large buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow File Upload Fastconnect 6900 Firmware Fastconnect 7800 Firmware Snapdragon 8 Gen 1 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21639 HIGH This Week

Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Qca6420 Firmware Qca6430 Firmware +18
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21638 HIGH This Week

Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +31
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21637 HIGH This Week

Memory corruption in Linux while calling system configuration APIs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +50
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21635 HIGH This Week

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Csrb31024 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +44
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21633 HIGH This Week

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8064au Firmware Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +92
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20773 HIGH This Week

In vow, there is a possible escalation of privilege due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25522 HIGH This Week

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Denial Of Service Dgx A100 Firmware Dgx A800 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25521 HIGH This Week

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Denial Of Service Nvidia Dgx A100 Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20693 HIGH This Week

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20692 HIGH This Week

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20691 HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20690 HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20689 HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-25517 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Authentication Bypass Gpu Display Driver
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-25516 HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Linux Integer Overflow Information Disclosure +1
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy