Skip to main content
CVE-2023-32781 HIGH POC THREAT Act Now

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Prtg Network Monitor
NVD GitHub
CVSS 3.1
7.2
EPSS
12.3%
CVE-2023-4239 HIGH POC This Week

The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress Real Estate Manager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-38348 HIGH POC This Week

A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Benno Mailarchiv
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2905 HIGH POC PATCH This Week

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Mongoose
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-33242 HIGH POC This Week

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lindell17
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-33469 HIGH POC This Week

In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Via Go2 Firmware Via Connect2 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39003 HIGH POC This Week

OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opnsense
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39005 HIGH POC This Week

Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opnsense
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36673 HIGH POC This Week

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Phantom Vpn
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2023-38997 HIGH POC PATCH This Week

A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Opnsense
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-4243 HIGH This Week

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress File Upload Full Customer
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31452 HIGH This Week

A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Prtg Network Monitor
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-37861 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-23574 HIGH This Week

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cmc Guardian
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2023-22378 HIGH This Week

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cmc Guardian
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2023-37862 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-38212 HIGH PATCH This Week

Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Heap Overflow Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38211 HIGH PATCH This Week

Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40012 HIGH PATCH This Week

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Uthenticode
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-33953 HIGH PATCH This Week

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Grpc
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38207 HIGH PATCH This Week

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Code Injection Commerce
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37860 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39910 HIGH This Week

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libbitcoin Explorer
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-3518 HIGH PATCH This Week

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp HashiCorp Consul
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2023-22843 HIGH This Week

An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cmc Guardian
NVD
CVSS 4.0
7.3
EPSS
0.3%
CVE-2023-32782 HIGH This Week

A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Prtg Network Monitor
NVD
CVSS 3.1
7.2
EPSS
52.1%
CVE-2023-38208 HIGH PATCH This Week

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Command Injection Commerce
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2023-37864 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2023-37863 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-37859 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-37857 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-23347 HIGH This Week

HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dryice Iautomate
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23346 HIGH This Week

HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dryice Mycloud
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-24471 HIGH This Week

An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cmc Guardian
NVD
CVSS 4.0
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy