Skip to main content
CVE-2023-23564 HIGH POC This Week

An issue was discovered in Geomatika IsiGeo Web 6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Isigeo Web
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-39026 HIGH POC THREAT This Week

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Filemage
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
10.6%
CVE-2023-39141 HIGH POC This Week

webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Webui Aria2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2023-24517 HIGH POC This Week

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-37434 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-37433 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37432 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37431 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37430 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37429 HIGH This Week

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37424 HIGH This Week

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-34853 HIGH This Week

Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow X12Dai N6 Firmware X12Ddw A6 Firmware X12Dgo 6 Firmware +268
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-33850 HIGH This Week

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Txseries For Multiplatform Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-37426 HIGH This Week

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-37428 HIGH This Week

A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-37427 HIGH This Week

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy