Skip to main content
CVE-2023-3519 CRITICAL POC KEV EUVD KEV THREAT Emergency

Citrix NetScaler ADC and Gateway contain an unauthenticated remote code execution vulnerability exploited massively in summer 2023, with thousands of appliances compromised before patches were applied.

NVD
CVSS 3.1
9.8
EPSS
93.8%
Threat
9.8
CVE-2023-3765 CRITICAL POC PATCH THREAT Act Now

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
10.0
EPSS
70.7%
CVE-2023-3722 CRITICAL POC Act Now

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file.1.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Command Injection Aura Device Services
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-3759 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smartgard Silver With Matrix Keyboard
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33876 HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Buffer Overflow Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-33866 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28744 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Buffer Overflow Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-27379 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-32664 HIGH POC This Week

A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-37899 HIGH POC PATCH This Week

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Feathers
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-37276 HIGH POC PATCH This Week

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Information Disclosure Aiohttp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-3763 HIGH POC This Week

A vulnerability was found in Intergard SGS 8.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smartgard Silver With Matrix Keyboard
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3760 MEDIUM POC This Month

A vulnerability has been found in Intergard SGS 8.7.0 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Smartgard Silver With Matrix Keyboard
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-37733 MEDIUM POC This Month

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE File Upload Tduck Platform
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3782 MEDIUM POC This Month

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Okhttp Brotli
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-3638 CRITICAL Act Now

In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gv Adr2701 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34034 CRITICAL PATCH Act Now

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Security
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2023-3463 CRITICAL Act Now

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Cimplicity
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-3751 CRITICAL Act Now

A vulnerability was found in Super Store Finder 3.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Super Store Finder
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-37748 MEDIUM POC This Month

ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ngiflib
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37362 HIGH This Week

Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Weincloud
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-26217 HIGH This Week

The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SQLi Ebx Add Ons
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-28754 HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache RCE Deserialization Shardingsphere
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-22506 HIGH PATCH This Week

This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Atlassian Bamboo Data Center Bamboo Server
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-3467 HIGH This Week

Privilege Escalation to root administrator (nsroot). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 3.1
8.0
EPSS
2.1%
CVE-2023-36853 HIGH This Week

​In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Geolocation Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34394 HIGH This Week

In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Geolocation Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34429 HIGH This Week

Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Weincloud
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32657 HIGH This Week

Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Weincloud
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-25838 HIGH PATCH This Week

There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

SQLi Arcgis Insights
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3762 HIGH This Week

A vulnerability was found in Intergard SGS 8.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartgard Silver With Matrix Keyboard
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-3761 HIGH This Week

A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartgard Silver With Matrix Keyboard
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-28513 HIGH PATCH This Week

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Mq Mq Appliance
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27877 HIGH PATCH This Week

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cloud Pak For Data
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26026 HIGH PATCH This Week

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cloud Pak For Data
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26023 HIGH PATCH This Week

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cloud Pak For Data
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30799 HIGH This Week

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Mikrotik Routeros
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-25839 HIGH PATCH This Week

There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the. Rated high severity (CVSS 7.0).

Microsoft SQLi Arcgis Insights
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-32262 MEDIUM PATCH This Month

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dimensions Cm
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-32261 MEDIUM PATCH This Month

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Dimensions Cm
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35898 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3466 MEDIUM This Month

Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 3.1
6.1
EPSS
3.0%
CVE-2023-3757 MEDIUM This Month

A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Car Rental Php Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3756 MEDIUM This Month

A vulnerability was found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlas
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3755 MEDIUM This Month

A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlas
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3754 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ekushey Project Manager
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3753 MEDIUM This Month

A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mastery Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3752 MEDIUM This Month

A vulnerability was found in Creativeitem Academy LMS 5.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Academy Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-35134 MEDIUM This Month

Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Weincloud
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-32263 MEDIUM PATCH This Month

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dimensions Cm
NVD
CVSS 3.1
5.7
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy