Skip to main content
CVE-2023-37466 CRITICAL POC PATCH Act Now

vm2 is an advanced vm/sandbox for Node.js. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Node.js Code Injection Vm2
NVD GitHub
CVSS 3.1
10.0
EPSS
2.3%
CVE-2023-37794 CRITICAL POC Act Now

WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fbm 291W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-37793 CRITICAL POC Act Now

WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Fbm 291W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38336 CRITICAL POC Act Now

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netkit
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-37723 CRITICAL POC Act Now

Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Fh1202 Firmware +3
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37722 CRITICAL POC Act Now

Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Fh1202 Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37721 CRITICAL POC Act Now

Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Fh1202 Firmware +3
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37719 CRITICAL POC Act Now

Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Fh1202 Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37718 CRITICAL POC Act Now

Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Fh1202 Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37717 CRITICAL POC Act Now

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Fh1202 Firmware +5
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37716 CRITICAL POC Act Now

Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Fh1202 Firmware +5
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37715 CRITICAL POC Act Now

Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Fh1202 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37714 CRITICAL POC Act Now

Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Fh1202 Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37462 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
91.3%
CVE-2023-36887 HIGH POC PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Google Microsoft Edge Chromium
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2023-3514 HIGH POC This Week

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Razer Central
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3513 HIGH POC This Week

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Deserialization Microsoft Razer Central
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-37464 HIGH POC PATCH This Week

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cjose
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38325 HIGH POC PATCH This Week

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Cryptography
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-37474 HIGH POC PATCH THREAT This Week

Copyparty is a portable file server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Copyparty
NVD GitHub
CVSS 3.1
7.5
EPSS
42.8%
CVE-2023-38286 HIGH POC PATCH This Week

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Java RCE Command Injection Spring Boot Admin Thymeleaf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-3673 HIGH POC PATCH This Week

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Pimcore
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-3668 HIGH POC PATCH This Week

Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Froxlor
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-34236 MEDIUM POC PATCH This Month

Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Authentication Bypass Hashicorp Gitops Terraform Controller
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-37472 MEDIUM POC This Month

Knowage is an open source suite for business analytics. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Knowage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2082 MEDIUM POC PATCH This Month

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Buy Me A Coffee
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-3672 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Webmention Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-38253 MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service W3M Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-38252 MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service W3M Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-37268 HIGH PATCH This Week

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Warpgate
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-37473 HIGH PATCH This Week

zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Collection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32761 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE CSRF Archer
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-35692 HIGH This Week

In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38337 HIGH PATCH This Week

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rswag
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-36818 HIGH PATCH This Week

Discourse is an open source discussion platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3633 HIGH This Week

An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash.94791 and lower. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Microsoft Engines
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-36835 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28985 HIGH This Week

An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-36832 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-36831 HIGH This Week

An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-36850 MEDIUM This Month

An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management(CFM) module of Juniper Networks Junos OS on MX Series(except MPC10, MPC11. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36849 MEDIUM This Month

An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36848 MEDIUM This Month

An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36834 MEDIUM This Month

An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-32760 MEDIUM This Month

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-32759 MEDIUM This Month

An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-36833 MEDIUM This Month

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Juniper Denial Of Service Memory Corruption Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36888 MEDIUM PATCH This Month

Microsoft Edge for Android (Chromium-based) Tampering Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-37224 MEDIUM This Month

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36840 MEDIUM This Month

A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy