Skip to main content
CVE-2023-36874 HIGH POC KEV PATCH THREAT Act Now

Windows Error Reporting Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
43.1%
CVE-2023-3626 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706.ashx of the component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3625 CRITICAL POC Act Now

A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3623 CRITICAL POC Act Now

A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3617 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Best POS Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Pos Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37659 CRITICAL POC PATCH Act Now

xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Xalpha
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-37656 CRITICAL POC Act Now

WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Websiteguide
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-34561 CRITICAL POC Act Now

A buffer overflow in the level parsing code of RobTop Games AB Geometry Dash v2.113 allows attackers to execute arbitrary code via entering a Geometry Dash level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Geometry Dash
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-3627 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-3621 HIGH POC This Week

A vulnerability was found in IBOS OA 4.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33148 HIGH POC PATCH This Week

Microsoft Office Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.7%
CVE-2023-37597 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service CSRF Pbx
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37596 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service CSRF Pbx
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-31818 HIGH POC This Week

An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Marukyu Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-2078 HIGH POC PATCH This Week

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Buy Me A Coffee
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-2079 HIGH POC PATCH This Week

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Buy Me A Coffee
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-36163 MEDIUM POC This Month

Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Buildagate
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
4.1%
CVE-2023-29131 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Simatic Cn 4100 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2023-29130 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Authentication Bypass Simatic Cn 4100 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2023-37271 CRITICAL PATCH Act Now

RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Python Restrictedpython
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-3127 CRITICAL Act Now

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Istar Ultra Firmware Istar Ultra Lt Firmware Istar Ultra G2 Firmware Edge G2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-36825 CRITICAL PATCH Act Now

Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Deserialization Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-35367 CRITICAL PATCH Act Now

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-35366 CRITICAL PATCH Act Now

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-35365 CRITICAL PATCH Act Now

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-33154 CRITICAL PATCH Act Now

Windows Partition Management Driver Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-32057 CRITICAL PATCH Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-32056 CRITICAL PATCH Act Now

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-3624 CRITICAL Act Now

A vulnerability classified as critical has been found in Nesote Inout Blockchain FiatExchanger 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Inout Blockchain Fiatexchanger
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-28001 CRITICAL Act Now

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-26861 CRITICAL PATCH Act Now

SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Viva Wallet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-3619 CRITICAL Act Now

A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical.php?f=save_service of the component HTTP POST Request Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Ac Repair And Services System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-33150 CRITICAL PATCH Act Now

Microsoft Office Security Feature Bypass Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2023-2746 CRITICAL Act Now

The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell XSS CSRF Information Disclosure Enhanced Him
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2023-37767 MEDIUM POC This Month

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37766 MEDIUM POC This Month

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37765 MEDIUM POC This Month

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37174 MEDIUM POC This Month

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-3620 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tarteaucitron
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37658 MEDIUM POC This Month

fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Fast Poster
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37657 MEDIUM POC This Month

TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Twonav
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35871 CRITICAL Act Now

The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85,. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure SAP Web Dispatcher
NVD
CVSS 3.1
9.4
EPSS
0.6%
CVE-2023-33987 CRITICAL Act Now

An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49,. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Request Smuggling Web Dispatcher
NVD
CVSS 3.1
9.4
EPSS
0.7%
CVE-2023-1672 MEDIUM POC PATCH This Month

A race condition exists in the Tang server functionality for key generation and key rotation. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available.

Race Condition Information Disclosure Tang Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-24492 HIGH This Week

A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu RCE Code Injection Citrix Secure Access Client
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-35364 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-35322 HIGH PATCH This Week

Windows Deployment Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Stack Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-35315 HIGH PATCH This Week

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-35311 HIGH KEV PATCH THREAT This Week

Microsoft Outlook Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
8.8
EPSS
15.5%
CVE-2023-35303 HIGH PATCH This Week

USB Audio Class System Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
8.8
EPSS
1.5%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy