Skip to main content
CVE-2023-37124 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Seacms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37122 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bagecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-36970 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Cms Made Simple
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-37245 CRITICAL Act Now

Buffer overflow vulnerability in the modem pinctrl module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-37240 CRITICAL Act Now

Vulnerability of missing input length verification in the distributed file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-34193 HIGH This Week

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Collaboration
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-24497 MEDIUM POC This Month

Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Milesight
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2023-24496 MEDIUM POC This Month

Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Milesightvpn
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2023-37453 MEDIUM POC This Month

An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2023-3520 MEDIUM POC PATCH This Month

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Openitcockpit
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-26138 MEDIUM POC This Month

All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Drogon
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-35934 HIGH PATCH This Week

yt-dlp is a command-line program to download videos from video sites. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Youtube Dlc Youtube Dl Yt Dlp Fedora
NVD GitHub
CVSS 3.1
8.2
EPSS
1.0%
CVE-2023-30670 HIGH This Week

Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30669 HIGH This Week

Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30668 HIGH This Week

Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30666 HIGH This Week

Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30664 HIGH This Week

Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30663 HIGH This Week

Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30659 HIGH This Week

Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30658 HIGH This Week

Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30657 HIGH This Week

Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30656 HIGH This Week

Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30655 HIGH This Week

Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30653 HIGH This Week

Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30652 HIGH This Week

Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30651 HIGH This Week

Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30650 HIGH This Week

Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30649 HIGH This Week

Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30647 HIGH This Week

Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30646 HIGH This Week

Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30645 HIGH This Week

Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30644 HIGH This Week

Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31277 HIGH This Week

PiiGAB M-Bus transmits credentials in plaintext format. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Bus 900S Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20899 HIGH This Week

VMware SD-WAN (Edge) contains a bypass authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Sd Wan Edge Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30195 HIGH This Week

In the module "Detailed Order" (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lgdetailedorder
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3529 HIGH This Week

A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rotem Crm
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-36461 HIGH PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Mastodon
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-37260 HIGH PATCH This Week

league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oauth2 Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-30325 HIGH This Week

SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Chatengine
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30323 HIGH This Week

SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Chatengine
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-37241 HIGH This Week

Input verification vulnerability in the WMS API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-37239 HIGH This Week

Format string vulnerability in the distributed file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-34164 HIGH This Week

Vulnerability of incomplete input parameter verification in the communication framework module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1695 HIGH This Week

Vulnerability of failures to capture exceptions in the communication framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1691 HIGH This Week

Vulnerability of failures to capture exceptions in the communication framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-36456 HIGH PATCH This Week

authentik is an open-source Identity Provider. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
7.3
EPSS
0.7%
CVE-2023-22365 HIGH This Week

An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2023-30643 HIGH This Week

Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-30674 MEDIUM This Month

Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36459 MEDIUM PATCH This Month

Mastodon is a free, open-source social network server based on ActivityPub. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mastodon
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy