Skip to main content
CVE-2023-38831 HIGH POC KEV THREAT Act Now

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Winrar
NVD
CVSS 3.1
7.8
EPSS
97.8%
CVE-2023-40185 HIGH POC PATCH This Week

shescape is simple shell escape library for JavaScript. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Shescape
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-40035 HIGH POC PATCH This Week

Craft is a CMS for creating custom digital experiences on the web and beyond. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2023-40025 HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-41028 HIGH This Week

A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Rx4 1500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32202 HIGH This Week

Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Intuition 9 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40177 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-40144 HIGH This Week

OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nr4H Firmware Nr8H Firmware Nr16H Firmware Dr 16F42A Firmware +19
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-40158 HIGH This Week

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nr4H Firmware Nr8H Firmware Nr16H Firmware Dr 16F42A Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38585 HIGH This Week

Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Nr4H Firmware Nr8H Firmware Nr16H Firmware +20
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4430 HIGH This Week

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2023-4429 HIGH This Week

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-3453 HIGH PATCH This Week

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Remote Access Server Firmware
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-37379 HIGH PATCH This Week

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Denial Of Service Airflow
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2023-4431 HIGH This Week

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-4428 HIGH This Week

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.1
EPSS
10.9%
CVE-2023-4427 HIGH This Week

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.1
EPSS
34.0%
CVE-2023-40612 HIGH PATCH This Week

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

XXE Horizon Meridian
NVD GitHub
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-40273 HIGH PATCH This Week

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Session Fixation Airflow
NVD GitHub
CVSS 3.1
8.0
EPSS
1.4%
CVE-2023-3899 HIGH This Week

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Authentication Bypass Subscription Manager Fedora +18
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3495 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Eh View
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39985 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Eh View
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39984 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Eh View
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38422 HIGH This Week

Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Intuition 9 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1409 HIGH PATCH This Week

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Microsoft MongoDB
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41105 HIGH PATCH This Week

An issue was discovered in Python 3.11 through 3.11.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Active Iq Unified Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-20169 HIGH This Week

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
7.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy