Skip to main content
CVE-2023-26078 HIGH POC This Week

Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Atera
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-3872 HIGH POC This Week

A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3871 HIGH POC This Week

A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2761 HIGH POC This Week

The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi User Activity Log
NVD WPScan
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-37613 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trialworks
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2309 MEDIUM POC This Month

The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpforo Forum
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-26045 CRITICAL PATCH Act Now

NodeBB is Node.js based forum software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Path Traversal Nodebb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34478 CRITICAL PATCH Act Now

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Authentication Bypass Shiro
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-3859 CRITICAL Act Now

A vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as critical.php of the component GET Parameter Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Car Listing
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-20593 MEDIUM POC PATCH This Month

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Debian Linux Ryzen 3 3100 Firmware Ryzen 3 3300X Firmware +67
NVD
CVSS 3.1
5.5
EPSS
5.8%
CVE-2023-3745 MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-3321 HIGH This Week

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Zenon
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-3344 MEDIUM POC This Month

The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Auto Location For Wp Job Manager Via Google
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3248 MEDIUM POC This Month

The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Sticky Elements
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-38060 HIGH This Week

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Otrs
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-3322 HIGH This Week

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Zenon
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-32258 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Linux Linux Kernel H300S +3
NVD
CVSS 3.1
8.1
EPSS
2.5%
CVE-2023-32257 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Linux Linux Kernel Solidfire Hci Storage Node +4
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2023-3019 MEDIUM PATCH CISA This Month

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Qemu Enterprise Linux
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2023-3640 HIGH This Week

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-26077 HIGH This Week

Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Atera
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3812 HIGH PATCH This Week

An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1386 HIGH This Week

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3324 HIGH This Week

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Abb Deserialization Zenon
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-3748 HIGH This Week

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Frrouting
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38200 HIGH PATCH This Week

A flaw was found in Keylime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Keylime Enterprise Linux Enterprise Linux Eus Enterprise Linux For Ibm Z Systems +5
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-32252 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-32248 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel H300S +4
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-32247 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel H300S H410S +2
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2023-3417 HIGH This Week

Thunderbird allowed the Text Direction Override Unicode Character in filenames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38056 HIGH This Week

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Otrs
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-3567 HIGH PATCH This Week

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-33952 MEDIUM PATCH This Month

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel Enterprise Linux Enterprise Linux For Real Time +1
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2023-22428 MEDIUM This Month

Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3861 MEDIUM This Month

A vulnerability was found in phpscriptpoint Insurance 1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Insurance
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3860 MEDIUM This Month

A vulnerability was found in phpscriptpoint Insurance 1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Insurance
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3858 MEDIUM This Month

A vulnerability has been found in phpscriptpoint Car Listing 1.6 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Car Listing
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3857 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in phpscriptpoint Ecommerce 1.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ecommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3856 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in phpscriptpoint Ecommerce 1.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ecommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3855 MEDIUM This Month

A vulnerability classified as problematic was found in phpscriptpoint JobSeeker 1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Jobseeker
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3323 MEDIUM This Month

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Abb Zenon
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-3384 MEDIUM This Month

A flaw was found in the Quay registry. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quay
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38057 MEDIUM This Month

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Survey
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-3750 MEDIUM This Month

A flaw was found in libvirt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Libvirt Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-33951 MEDIUM PATCH This Month

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. Rated medium severity (CVSS 5.3).

Information Disclosure Linux Linux Kernel Enterprise Linux Enterprise Linux For Real Time +1
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-3862 MEDIUM This Month

A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Travelable Trek Management Solution
NVD VulDB
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-2860 MEDIUM PATCH This Month

An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-38058 MEDIUM This Month

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.0.X before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Otrs
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-3863 MEDIUM PATCH This Month

A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. Rated medium severity (CVSS 4.1). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
4.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy