Skip to main content
CVE-2023-36281 CRITICAL POC PATCH Act Now

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-23564 HIGH POC This Week

An issue was discovered in Geomatika IsiGeo Web 6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Isigeo Web
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-39026 HIGH POC THREAT This Week

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Filemage
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
10.6%
CVE-2023-39141 HIGH POC This Week

webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Webui Aria2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2023-24517 HIGH POC This Week

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-38996 MEDIUM POC This Month

An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Dsgate
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-23563 MEDIUM POC This Month

An issue was discovered in Geomatika IsiGeo Web 6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Isigeo Web
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-38909 MEDIUM POC This Month

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tapo Tapo L530E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38734 CRITICAL PATCH Act Now

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Robotic Process Automation
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38668 MEDIUM POC This Month

Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38667 MEDIUM POC This Month

Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38666 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38665 MEDIUM POC This Month

Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-39599 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Csz Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24516 MEDIUM POC This Month

Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pandora Fms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23565 MEDIUM POC This Month

An issue was discovered in Geomatika IsiGeo Web 6.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure Isigeo Web
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-37434 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-37433 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37432 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37431 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37430 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37429 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37424 HIGH This Week

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-34853 HIGH This Week

Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow X12Dai N6 Firmware X12Ddw A6 Firmware X12Dgo 6 Firmware +268
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-33850 HIGH This Week

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Txseries For Multiplatform Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-37426 HIGH This Week

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-37428 HIGH This Week

A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-37427 HIGH This Week

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-4212 MEDIUM This Month

​A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Xl824 Firmware Xl850 Firmware Xl1050 Firmware Pivot Firmware
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2023-37438 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-37437 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-37436 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-37435 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24515 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Pandora Fms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-38908 MEDIUM This Month

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tapo Tapo L530E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-38906 MEDIUM This Month

An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tapo Tapo L530E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37439 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37425 MEDIUM This Month

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24514 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4475 MEDIUM This Month

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Data Master
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3699 MEDIUM This Month

An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Data Master
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-37423 MEDIUM This Month

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37422 MEDIUM This Month

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37421 MEDIUM This Month

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40370 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37440 MEDIUM This Month

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-27418 MEDIUM PATCH This Month

A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Linux Use After Free Fedora Linux Kernel
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-38733 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-38732 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy