Skip to main content
CVE-2023-38169 HIGH PATCH This Week

Microsoft SQL OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Odbc Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-36882 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-36541 HIGH This Week

Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Zoom
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-35387 HIGH PATCH This Week

Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-35381 HIGH PATCH This Week

Windows Fax Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-35368 HIGH PATCH This Week

Microsoft Exchange Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2023-29330 HIGH PATCH This Week

Microsoft Teams Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Teams
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-29328 HIGH PATCH This Week

Microsoft Teams Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Teams
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-38759 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Workout Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27411 HIGH This Week

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ruggedcom Crossbow
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37570 HIGH This Week

This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Emagic Data Center Management
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3573 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-3571 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-3570 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-37491 HIGH This Week

The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Message Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-20569 MEDIUM POC This Month

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Amd Information Disclosure Fedora Debian Linux Ryzen 9 5950X Firmware +152
NVD
CVSS 3.1
4.7
EPSS
6.2%
CVE-2023-36897 HIGH PATCH This Week

Visual Studio Tools for Office Runtime Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +4
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-39214 HIGH This Week

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms Zoom
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-38182 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
11.1%
CVE-2023-36892 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2023-36891 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2023-35388 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
12.4%
CVE-2023-37646 HIGH This Week

An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Opener
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-39211 HIGH This Week

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Microsoft Rooms Zoom
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36344 HIGH This Week

An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Vynamic View
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-38175 HIGH PATCH This Week

Microsoft Windows Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Defender
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-38170 HIGH PATCH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-38154 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 1809 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-36904 HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-36900 HIGH PATCH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
7.8
EPSS
12.1%
CVE-2023-36898 HIGH PATCH This Week

Tablet Windows User Interface Application Core Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 11 21H2 Windows 11 22h2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-36896 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-36895 HIGH PATCH This Week

Microsoft Outlook Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-36866 HIGH PATCH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft 365 Apps Office +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-36865 HIGH PATCH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-36540 HIGH This Week

Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Zoom
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-35390 HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Net Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2023-35386 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
7.8
EPSS
6.0%
CVE-2023-35382 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1809 +6
NVD
CVSS 3.1
7.8
EPSS
5.8%
CVE-2023-35380 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2023-35379 HIGH PATCH This Week

Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows Server 2008
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-35372 HIGH PATCH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft 365 Apps Office +1
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-35371 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-35359 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
11.0%
CVE-2023-20562 HIGH PATCH This Week

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Amd Information Disclosure Amd Uprof
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-20555 HIGH This Week

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ryzen 3 3300 Firmware Ryzen 3 3300X Firmware +117
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39549 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Solid Edge
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39419 HIGH PATCH This Week

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Solid Edge
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39188 HIGH This Week

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39187 HIGH This Week

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Solid Edge
NVD
CVSS 3.1
7.8
EPSS
0.2%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy