Skip to main content
CVE-2023-36665 CRITICAL POC PATCH Act Now

"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Protobufjs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-36934 CRITICAL POC PATCH THREAT Act Now

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass SQLi Moveit Transfer
NVD
CVSS 3.1
9.1
EPSS
95.0%
CVE-2023-36821 HIGH POC PATCH This Week

Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js RCE Uptime Kuma
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-36813 HIGH POC PATCH This Week

Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation SQLi Kanboard
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36458 HIGH POC PATCH This Week

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 1panel
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-36457 HIGH POC PATCH This Week

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 1panel
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-36822 HIGH POC PATCH This Week

Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Uptime Kuma
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-36624 HIGH POC This Week

Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Miniserver Go Gen 2 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-36623 HIGH POC This Week

The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Miniserver Go Gen 2 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31194 HIGH POC This Week

An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Diagon
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27390 HIGH POC This Week

A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Diagon
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-34457 HIGH POC PATCH This Week

MechanicalSoup is a Python library for automating interaction with websites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Mechanicalsoup
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-36622 HIGH POC This Week

The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Miniserver Go Gen 2 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2023-37206 MEDIUM POC This Month

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34654 MEDIUM POC This Month

taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Taocms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36808 CRITICAL Act Now

GLPI is a free asset and IT management software package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
47.6%
CVE-2023-35924 CRITICAL Act Now

GLPI is a free asset and IT management software package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
52.4%
CVE-2023-34338 CRITICAL Act Now

AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-30207 MEDIUM POC PATCH This Month

A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Kodi
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25399 MEDIUM POC PATCH This Month

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Scipy
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-36828 MEDIUM POC PATCH This Month

Statamic is a flat-first, Laravel and Git powered content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Statamic
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-36809 MEDIUM POC PATCH This Month

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Mozilla XSS Nginx File Upload Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-35863 MEDIUM POC This Month

In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Microsoft Http Debugger
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-3455 CRITICAL Act Now

Key management vulnerability on system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-35936 MEDIUM POC This Month

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

RCE Pandoc Debian Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2022-42175 HIGH This Week

Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Solusvm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-34473 HIGH This Week

AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-34337 HIGH This Week

AMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-30607 HIGH PATCH This Week

icingaweb2-module-jira provides integration with Atlassian Jira. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Atlassian Icinga Web Jira Integration
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-37212 HIGH This Week

Memory safety bugs present in Firefox 114. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37211 HIGH This Week

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37209 HIGH This Week

A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37202 HIGH This Week

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37201 HIGH This Week

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3515 MEDIUM POC PATCH This Month

Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

Gitea Open Redirect
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2023-35939 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-34471 HIGH This Week

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-36932 HIGH This Week

In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Moveit Transfer
NVD
CVSS 3.1
8.1
EPSS
81.1%
CVE-2023-35975 HIGH This Week

An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-35001 HIGH PATCH This Week

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +6
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2023-31248 HIGH PATCH This Week

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-37203 HIGH This Week

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Mozilla Firefox
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-37208 HIGH This Week

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-36827 HIGH PATCH This Week

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Fides
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-35940 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36933 HIGH This Week

In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Moveit Transfer
NVD
CVSS 3.1
7.5
EPSS
72.2%
CVE-2023-35979 HIGH This Week

There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Arubaos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3089 HIGH This Week

A compliance problem was found in the Red Hat OpenShift Container Platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openshift Container Platform Openshift Container Platform For Linuxone Openshift Container Platform For Power +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2880 HIGH This Week

Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Frauscher Diagnostic System 101
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-35974 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy