Skip to main content
CVE-2023-3824 CRITICAL POC Act Now

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow PHP Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
8.0%
CVE-2023-22955 HIGH POC This Week

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 445Hd Firmware 405Hd Firmware C450Hd Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22957 HIGH POC This Week

An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass C470Hd Firmware C455Hd Firmware C435Hd Firmware 445Hd Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22956 HIGH POC This Week

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass C470Hd Firmware C455Hd Firmware C435Hd Firmware 445Hd Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-3823 HIGH POC This Week

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-40267 CRITICAL PATCH Act Now

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gitpython
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-40254 CRITICAL Act Now

Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.0: from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Genian Nac Genian Ztna
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-40253 CRITICAL Act Now

Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.0: from V4.0.0 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Genian Nac Genian Ztna
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-40256 CRITICAL Act Now

A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netbackup Snapshot Manager
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-25775 CRITICAL Act Now

Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Ethernet Controller Rdma Driver For Linux
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27515 CRITICAL PATCH Act Now

Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation XSS Intel Driver Support Assistant
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2023-40260 CRITICAL Act Now

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Empowerid
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-32267 HIGH This Week

A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arcsight Management Center
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-39417 HIGH This Week

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL SQLi Software Collections Enterprise Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-28380 HIGH This Week

Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Ai Hackathon
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-34438 HIGH PATCH This Week

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8).

Privilege Escalation Intel Nuc Rugged Kit Nuc8Cchb Firmware Nuc Rugged Kit Nuc8Cchbn Firmware Nuc Rugged Kit Nuc8Cchkrn Firmware +68
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-34427 HIGH This Week

Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Realsense 450 Fa Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33877 HIGH This Week

Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Intel Realsense 450 Fa Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33867 HIGH This Week

Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Realsense 450 Fa Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32663 HIGH This Week

Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Realsense Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32656 HIGH This Week

Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Realsense 450 Fa Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32547 HIGH This Week

Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Mavinci Desktop
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32543 HIGH This Week

Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Intelligent Test System
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-31246 HIGH PATCH This Week

Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Server Debug And Provisioning Tool
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-29151 HIGH PATCH This Week

Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Platform Service Record Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28658 HIGH This Week

Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Oneapi Math Kernel Library
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28405 HIGH This Week

Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Openvino
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-27509 HIGH This Week

Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Ispc Software Installer
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-27506 HIGH PATCH This Week

Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Optimization For Tensorflow
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27505 HIGH This Week

Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Advanced Link Analyzer
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-26587 HIGH This Week

Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Easy Streaming Wizard
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25944 HIGH This Week

Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Vcust Tool
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25773 HIGH This Week

Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Intel Authentication Bypass Unite
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25182 HIGH This Week

Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Unite
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39949 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39948 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39947 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39946 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39945 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39534 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39553 HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Apache Drill
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-4108 HIGH PATCH This Week

Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-34355 HIGH PATCH This Week

Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Microsoft Integrated Bmc Video Driver
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-28823 HIGH This Week

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Advisor For Oneapi Cpu Runtime For Opencl Applications Distribution For Python Programming Language +26
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-24016 HIGH This Week

Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Quartus Prime
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-23577 HIGH PATCH This Week

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Ite Tech Consumer Infrared Driver
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-22841 HIGH PATCH This Week

Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Server Firmware Update Utility
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-3864 HIGH This Week

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SQLi Snow License Manager
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-25757 HIGH This Week

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Unison
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-35179 HIGH This Week

A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Serv U
NVD
CVSS 3.1
7.2
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy