Skip to main content
CVE-2023-32077 HIGH POC PATCH THREAT GHSA Act Now

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.6%.

Docker Information Disclosure Netmaker
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
86.6%
Threat
5.6
CVE-2023-37469 HIGH POC PATCH This Week

CasaOS is an open-source personal cloud system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Casaos
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-40573 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF RCE Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-40572 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE CSRF Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2023-40017 HIGH POC PATCH This Week

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Geonode
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-4513 HIGH POC This Week

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4512 HIGH POC This Week

CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32559 HIGH POC This Week

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Node.js RCE Node Js
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-32079 HIGH PATCH This Week

Netmaker makes networks with WireGuard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Privilege Escalation Netmaker
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4419 HIGH This Week

The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Lms531 Firmware Lms511 Firmware Lms500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-34971 HIGH This Week

An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qnap Information Disclosure Qts Quts Hero
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-40022 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34040 HIGH PATCH This Week

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Apache Deserialization Spring For Apache Kafka
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2023-32078 HIGH PATCH This Week

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Authentication Bypass Netmaker
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-4418 HIGH This Week

A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lms531 Firmware Lms511 Firmware Lms500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31412 HIGH This Week

The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lms531 Firmware Lms511 Firmware Lms500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-40710 HIGH This Week

An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Snap Pac S1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-40709 HIGH This Week

An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Snap Pac S1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-40707 HIGH This Week

There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Snap Pac S1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3705 HIGH PATCH This Week

The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cp Vnr 3104 Firmware Cp Vnr 3108 Firmware Cp Vnr 3208 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-4511 HIGH PATCH This Week

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-4420 HIGH This Week

A remote unprivileged attacker can intercept the communication via e.g. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Lms531 Firmware Lms511 Firmware Lms500 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy