Skip to main content
CVE-2023-37215 CRITICAL Act Now

JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jbl Bar 5 1 Surround Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-37214 CRITICAL Act Now

Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ero1Xs Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37213 CRITICAL Act Now

Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Synergy A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-32227 CRITICAL Act Now

Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synergy A Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37219 HIGH This Week

Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aeonix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-37218 HIGH This Week

Tadiran Telecom Aeonix - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Aeonix
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-32225 HIGH This Week

Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Sysaid On Premises
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-37216 MEDIUM This Month

AnaSystem SensMini M4 - Using the configuration tool, an authenticated user can cause Denial of Service for the device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sensmini M4 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-32226 MEDIUM This Month

Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Sysaid On Premises
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37217 MEDIUM This Month

Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aeonix
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy