Skip to main content
CVE-2023-38771 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38770 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38769 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38768 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38767 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38765 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38764 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38762 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38760 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2423 HIGH This Week

A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Armor Powerflex Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24698 HIGH PATCH This Week

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Foswiki
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39269 HIGH This Week

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ruggedcom Ros
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-37373 HIGH This Week

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ruggedcom Crossbow
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-28555 HIGH This Week

Transient DOS in Audio while remapping channel buffer in media codec decoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Wcn3991 Firmware Wcn3998 Firmware Wcn6750 Firmware +67
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-21625 HIGH This Week

Information disclosure in Network Services due to buffer over-read while the device receives DNS response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8037 Firmware +43
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-37486 HIGH This Week

Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud Commerce Hycom
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33993 HIGH This Week

B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SAP SQLi Business One
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-38531 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38530 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38529 HIGH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38528 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38527 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38526 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38525 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38167 HIGH PATCH This Week

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Dynamics 365 Business Central
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-4009 HIGH This Week

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ops Manager Server
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-36876 HIGH PATCH This Week

Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Windows Server 2008
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-21652 HIGH This Week

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +116
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-21626 HIGH This Week

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apq8009 Firmware Apq8017 Firmware Apq8037 Firmware Aqt1000 Firmware +181
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-38176 HIGH PATCH This Week

Azure Arc-Enabled Servers Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Azure Arc Enabled Servers
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-35378 HIGH PATCH This Week

Windows Projected File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-28576 HIGH PATCH This Week

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. Rated high severity (CVSS 7.0).

Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6391 Firmware +26
NVD
CVSS 3.1
7.0
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy