Skip to main content
CVE-2023-40857 HIGH POC This Week

Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Yara
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-39059 HIGH POC This Week

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ansible Semaphore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-41005 HIGH POC This Week

An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Pagekit
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40590 HIGH POC PATCH This Week

GitPython is a python library used to interact with Git repositories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Microsoft Gitpython
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40998 HIGH POC This Week

Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ric Message Router
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-40997 HIGH POC This Week

Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ric Message Router
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-40827 HIGH POC PATCH This Week

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Pf4J
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-40826 HIGH POC This Week

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Pf4J
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-40825 HIGH POC This Week

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Perfreeblog
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-1997 HIGH This Week

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection 3Dexperience
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-40754 HIGH This Week

In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Car Rental Script
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-40195 HIGH PATCH This Week

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache RCE Deserialization Airflow Spark Provider
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-27604 HIGH PATCH This Week

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Airflow Sqoop Provider
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-23473 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22877 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-35785 HIGH PATCH This Week

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Zoho Authentication Bypass Manageengine Ad360 Manageengine Adaudit Plus +15
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2023-34758 HIGH PATCH This Week

Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sliver
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-39810 HIGH This Week

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Busybox
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-40828 HIGH PATCH This Week

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Pf4J
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-36481 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Samsung Exynos 9810 Firmware Exynos 9610 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26095 HIGH This Week

ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38030 HIGH This Week

Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adm 100 Firmware Adm 100Fp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26271 HIGH PATCH This Week

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Guardium Cloud Key Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-24959 HIGH PATCH This Week

IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy