Skip to main content
CVE-2023-37598 MEDIUM POC This Month

A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service CSRF Pbx
NVD GitHub
CVSS 3.1
4.5
EPSS
0.6%
CVE-2023-30563 HIGH This Week

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Alaris Systems Manager
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-37565 HIGH This Week

Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Wrc 1167Ghbk S Firmware Wrc 1167Gebk S Firmware Wrc 1167Febk S Firmware +2
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2023-37564 HIGH This Week

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc 1167Ghbk S Firmware Wrc 1167Gebk S Firmware Wrc 1167Febk S Firmware Wrc 1167Ghbk3 A Firmware +1
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2023-37568 HIGH This Week

ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc 1167Ghbk S Firmware Wrc 1167Gebk S Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-37566 HIGH This Week

Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc 1167Ghbk3 A Firmware Wrc 1167Febk A Firmware
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2023-37274 HIGH PATCH This Week

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Docker Path Traversal RCE Python Code Injection +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21399 HIGH This Week

there is a possible way to bypass cryptographic assurances due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21257 HIGH PATCH This Week

In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21256 HIGH PATCH This Week

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21255 HIGH PATCH This Week

In multiple functions of binder.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Use After Free Privilege Escalation Memory Corruption +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21254 HIGH PATCH This Week

In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21248 HIGH PATCH This Week

In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21247 HIGH PATCH This Week

In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21245 HIGH PATCH This Week

In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21241 HIGH PATCH This Week

In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21145 HIGH PATCH This Week

In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35069 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-35945 HIGH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy Nghttp2
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-26597 HIGH This Week

Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Honeywell C300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-25948 HIGH This Week

Server information leak of configuration data when an error is generated in response to a specially crafted message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Honeywell Experion Server Experion Station Engineering Station +1
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-25770 HIGH This Week

Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Honeywell Deserialization C300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-25078 HIGH This Week

Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Honeywell Experion Server Experion Station +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-24480 HIGH This Week

Controller DoS due to stack overflow when decoding a message from the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Honeywell C300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24474 HIGH This Week

Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Experion Server Experion Station Engineering Station +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23585 HIGH This Week

Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Honeywell Experion Server Experion Station +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-22435 HIGH This Week

Experion server may experience a DoS due to a stack overflow when handling a specially crafted message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Experion Server Experion Station Engineering Station Direct Station
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-29458 HIGH This Week

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zabbix
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29451 HIGH This Week

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zabbix
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29450 HIGH This Week

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zabbix Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-3424 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-38197 HIGH PATCH This Week

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qt
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-35694 HIGH This Week

In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34123 HIGH This Week

Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Global Management System Analytics
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-21251 HIGH PATCH This Week

In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-35691 HIGH This Week

there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Android
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-30564 MEDIUM This Month

Alaris Systems Manager does not perform input validation during the Device Import Function. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

XSS Alaris Systems Manager
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2023-30560 MEDIUM This Month

The configuration from the PCU can be modified without authentication using physical connection to the PCU. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alaris 8015 Pcu Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-30562 MEDIUM This Month

A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Alaris Guardrails Editor
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-35693 MEDIUM PATCH This Month

In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-35833 MEDIUM This Month

An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Safeq Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3444 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37563 MEDIUM This Month

ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wrc 1167Ghbk S Firmware Wrc 1167Gebk S Firmware Wrc 1167Febk S Firmware Wrc 1167Ghbk3 A Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-34135 MEDIUM This Month

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service.3.2-SP1 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sonicwall Analytics Global Management System
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-34134 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Analytics Global Management System
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-2190 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34125 MEDIUM This Month

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges.3.2-SP1 and earlier versions; Analytics:. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Analytics Global Management System
NVD
CVSS 3.1
6.5
EPSS
25.2%
CVE-2023-36473 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30561 MEDIUM This Month

The data flowing between the PCU and its modules is insecure. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alaris 8015 Pcu Firmware
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-37746 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Maid Hiring Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy