Skip to main content
CVE-2023-4346 HIGH POC KEV THREAT Act Now

KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connection Authorization
NVD
CVSS 3.1
7.5
EPSS
0.5%
Threat
4.5
CVE-2023-34039 CRITICAL POC PATCH THREAT Act Now

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Aria Operations For Networks
NVD
CVSS 3.1
9.8
EPSS
64.2%
CVE-2021-3262 CRITICAL POC Act Now

TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novusedu Veo Transportation
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-41265 CRITICAL POC KEV THREAT Act Now

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Microsoft Qlik Sense
NVD
CVSS 3.1
9.9
EPSS
85.0%
CVE-2023-38975 HIGH POC This Week

* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Qdrant
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39663 HIGH POC This Week

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mathjax
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3646 HIGH POC This Week

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Eos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41376 HIGH POC This Week

Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nokia Service Router Linux Service Router Operating System
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38802 HIGH POC This Week

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Picos Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-41266 MEDIUM POC KEV THREAT This Month

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Qlik Sense
NVD
CVSS 3.1
6.5
EPSS
82.6%
CVE-2023-39615 MEDIUM POC This Month

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Libxml2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-24548 MEDIUM POC This Month

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Eos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-39558 MEDIUM POC This Month

AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Audimexee
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39678 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS P3310D 2Ac Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39268 CRITICAL Act Now

A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Arubaos Switch
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40890 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Zbar
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-40889 CRITICAL Act Now

A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Zbar
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-40787 CRITICAL Act Now

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Springblade
NVD GitHub
CVSS 3.1
9.8
EPSS
19.4%
CVE-2023-23770 CRITICAL Act Now

Motorola MBTS Site Controller accepts hard-coded backdoor password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mbts Site Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-41361 CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR 9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38971 MEDIUM POC This Month

Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Badaso
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-39559 MEDIUM POC This Month

AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Audimexee
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-38283 MEDIUM POC PATCH This Month

In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Openbgpd
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-41360 CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-41359 CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-4572 HIGH This Week

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-23773 HIGH This Week

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Ebts Base Radio Firmware Mbts Base Radio Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-23772 HIGH This Week

Motorola MBTS Site Controller fails to check firmware update authenticity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jwt Attack Mbts Site Controller Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-32457 HIGH PATCH This Week

Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-23774 HIGH This Week

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ebts Site Controller Firmware Mbts Site Controller Firmware
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-23771 HIGH This Week

Motorola MBTS Base Radio accepts hard-coded backdoor password. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mbts Base Radio Firmware
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-41037 MEDIUM POC PATCH This Month

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Openpgpjs
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-39616 HIGH PATCH This Week

AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Aomedia
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41358 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-1995 HIGH This Week

Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hirdb Server With Additional Function Hirdb Structured Data Access Facility Hirdb Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20890 HIGH This Week

Aria Operations for Networks contains an arbitrary file write vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal VMware Aria Operations For Networks
NVD
CVSS 3.1
7.2
EPSS
21.6%
CVE-2023-41362 HIGH PATCH This Week

MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Code Injection Mybb
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-39267 MEDIUM This Month

An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Arubaos Switch
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-3252 MEDIUM This Month

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Nessus
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4611 MEDIUM PATCH This Month

A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. Rated medium severity (CVSS 6.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-4296 MEDIUM This Month

​If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Codebeamer
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-32241 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Essential Addons For Elementor
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39266 MEDIUM This Month

A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arubaos Switch
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0238 MEDIUM This Month

Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Warp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41153 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39522 MEDIUM PATCH This Month

goauthentik is an open-source Identity Provider. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Authentik
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-3251 MEDIUM This Month

A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.6.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nessus
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-3253 MEDIUM This Month

An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nessus
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-41363 MEDIUM PATCH This Month

In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cerebrate
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0654 LOW Monitor

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. No vendor patch available.

Google XSS Warp
NVD GitHub
CVSS 3.1
3.7
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy