Skip to main content
CVE-2023-38831 HIGH POC KEV THREAT Act Now

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Winrar
NVD
CVSS 3.1
7.8
EPSS
97.8%
CVE-2023-40185 HIGH POC PATCH This Week

shescape is simple shell escape library for JavaScript. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Shescape
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-40035 HIGH POC PATCH This Week

Craft is a CMS for creating custom digital experiences on the web and beyond. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2023-40025 HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-4404 CRITICAL Act Now

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Charitable
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-4041 CRITICAL Act Now

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass Gecko Bootloader
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-41028 HIGH This Week

A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Rx4 1500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-36317 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Student Study Center Desk Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-32202 HIGH This Week

Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Intuition 9 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40177 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-40144 HIGH This Week

OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nr4H Firmware Nr8H Firmware Nr16H Firmware Dr 16F42A Firmware +19
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-40158 HIGH This Week

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nr4H Firmware Nr8H Firmware Nr16H Firmware Dr 16F42A Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38585 HIGH This Week

Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Nr4H Firmware Nr8H Firmware Nr16H Firmware +20
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4430 HIGH This Week

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2023-4429 HIGH This Week

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-3453 HIGH PATCH This Week

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Remote Access Server Firmware
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-37379 HIGH PATCH This Week

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Denial Of Service Airflow
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2023-4431 HIGH This Week

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-4428 HIGH This Week

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.1
EPSS
10.9%
CVE-2023-4427 HIGH This Week

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.1
EPSS
34.0%
CVE-2023-40612 HIGH PATCH This Week

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

XXE Horizon Meridian
NVD GitHub
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-40273 HIGH PATCH This Week

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Session Fixation Airflow
NVD GitHub
CVSS 3.1
8.0
EPSS
1.4%
CVE-2023-3899 HIGH This Week

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Authentication Bypass Subscription Manager Fedora +18
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3495 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Eh View
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39985 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Eh View
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39984 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Eh View
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38422 HIGH This Week

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Intuition 9 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1409 HIGH PATCH This Week

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Microsoft MongoDB
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41105 HIGH PATCH This Week

An issue was discovered in Python 3.11 through 3.11.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Active Iq Unified Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-20169 HIGH This Week

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2023-20168 MEDIUM This Month

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-41104 MEDIUM PATCH This Month

libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Information Disclosure Authentication Bypass Varnish Enterprise Vmod Digest
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-20200 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Firepower 9300 Firmware Firepower 4143 Firmware Firepower 4112 Firmware +5
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-41098 MEDIUM PATCH This Month

An issue was discovered in MISP 2.4.174. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32509 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Order Your Posts Manually
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32300 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28994 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Flatsome
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32499 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Radio Station
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32236 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Appointments Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32119 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Mail Integration For Office 365 Outlook
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-20234 MEDIUM This Month

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Extensible Operating System
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-39441 MEDIUM PATCH This Month

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache OpenSSL Information Disclosure Airflow Apache Airflow Providers Imap +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-4042 MEDIUM This Month

A flaw was found in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Red Hat Ghostscript Codeready Linux Builder +7
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-39986 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Eh View
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-40176 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
78.9%
CVE-2023-20230 MEDIUM This Month

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Application Policy Infrastructure Controller
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-20115 MEDIUM This Month

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nx Os
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40282 MEDIUM This Month

Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wifi Pocket Firmware
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-40178 MEDIUM PATCH This Month

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Node Saml
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41100 MEDIUM PATCH This Month

An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Form Project
NVD
CVSS 3.1
5.3
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy