Skip to main content
CVE-2023-32629 HIGH POC PATCH Act Now

Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Ubuntu Privilege Escalation Authentication Bypass Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
8.9%
CVE-2023-2640 HIGH POC PATCH THREAT Act Now

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Ubuntu Authentication Bypass Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
15.8%
CVE-2023-31465 CRITICAL POC THREAT Act Now

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Timekeeper
NVD GitHub
CVSS 3.1
9.8
EPSS
44.5%
CVE-2023-38673 CRITICAL POC PATCH Act Now

PaddlePaddle before 2.5.0 has a command injection in fs.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-38671 CRITICAL POC PATCH Act Now

Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38669 CRITICAL POC PATCH Act Now

Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-30577 HIGH POC This Week

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Amanda
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-30367 HIGH POC This Week

Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mremoteng
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38672 HIGH POC PATCH This Week

FPE in paddle.trace in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38670 HIGH POC PATCH This Week

Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38433 HIGH POC This Week

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ip He950E Firmware Ip He950D Firmware Ip He900E Firmware Ip He900D Firmware +7
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2023-28130 HIGH POC THREAT This Week

Local user may lead to privilege escalation using Gaia Portal hostnames page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gaia Portal
NVD
CVSS 3.1
7.2
EPSS
21.4%
CVE-2023-37049 MEDIUM POC This Month

emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Emlog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-37624 MEDIUM POC PATCH This Month

Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Netdisco
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33308 CRITICAL Act Now

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet RCE Fortiproxy +1
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-26859 CRITICAL PATCH Act Now

SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Brevo
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38647 CRITICAL PATCH Act Now

An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Helix
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-37732 MEDIUM POC This Month

Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33802 MEDIUM POC This Month

A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Sumatrapdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37692 MEDIUM POC This Month

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload XSS October
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-31466 MEDIUM POC This Month

An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Timekeeper
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37623 MEDIUM POC PATCH This Month

Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Netdisco
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-38555 HIGH This Week

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Si R 30B Firmware Si R 130B Firmware Si R 90Brin Firmware Si R570B Firmware +12
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1401 MEDIUM POC This Month

An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-26911 HIGH This Week

ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Armoury Crate Setupasusservices
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39261 HIGH This Week

In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38285 HIGH This Week

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modsecurity
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3442 HIGH PATCH This Week

A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Servicenow Devops
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23842 HIGH This Week

The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Network Configuration Monitor
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2023-33225 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2023-33224 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2023-23844 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2023-23843 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2023-3414 MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Servicenow Devops
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39154 MEDIUM PATCH This Month

Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Qualys Web App Scanning Connector
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-39152 MEDIUM PATCH This Month

Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gradle
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20891 MEDIUM PATCH This Month

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure VMware Isolation Segment Tanzu Application Service For Virtual Machines
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-28013 MEDIUM This Month

HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Verse
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3946 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3242 MEDIUM This Month

Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Automation Runtime
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-39153 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Gitlab CSRF Gitlab Authentication
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-39151 MEDIUM PATCH This Month

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-30949 MEDIUM This Month

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slate
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-39156 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Bazaar
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-39155 MEDIUM This Month

Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Chef Identity
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32468 MEDIUM PATCH This Month

Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dell Ecs Streamer
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-3622 MEDIUM This Month

Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Solarwinds Platform
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-3947 LOW PATCH Monitor

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure WordPress Video Conferencing With Zoom
NVD VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2023-33229 LOW Monitor

The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Solarwinds Platform
NVD
CVSS 3.1
3.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy