Skip to main content
CVE-2023-3797 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Four Mountain Torrent Disaster Prevention Control Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37650 HIGH POC PATCH This Week

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31462 HIGH POC This Week

An issue was discovered in SteelSeries GG 36.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Gg
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-34625 HIGH POC This Week

ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Mojobox Firmware
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-37649 HIGH POC PATCH This Week

Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cockpit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-37601 HIGH POC This Week

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Office Suite
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-31461 HIGH POC This Week

Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Gg
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3796 HIGH This Week

A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Foody Friend
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-30200 HIGH PATCH This Week

In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ultimateimagetool
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34966 HIGH This Week

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora Enterprise Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
62.0%
CVE-2023-37290 HIGH This Week

InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Authentication Bypass Document On Line Submission And Approval System
NVD
CVSS 3.1
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy