Skip to main content
CVE-2023-39139 HIGH POC This Week

An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Archive
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39138 HIGH POC This Week

An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zipfoundation
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-39137 HIGH POC This Week

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Archive
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39135 HIGH POC This Week

An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zip
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-41539 HIGH POC This Week

phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Business Directory Script
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-40598 HIGH This Week

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk RCE Command Injection Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-40597 HIGH This Week

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Splunk RCE Path Traversal Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40596 HIGH This Week

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Splunk Privilege Escalation Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40595 HIGH This Week

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk RCE Deserialization Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4571 HIGH This Week

In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Splunk Code Injection It Service Intelligence
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-41039 HIGH PATCH This Week

RestrictedPython is a restricted execution environment for Python to run untrusted code. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Restrictedpython
NVD GitHub
CVSS 3.1
7.7
EPSS
0.6%
CVE-2023-4640 HIGH This Week

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yugabytedb
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-40594 HIGH This Week

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Denial Of Service Splunk Cloud Platform
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-40593 HIGH This Week

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Denial Of Service Splunk Cloud Platform
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3136 HIGH PATCH This Week

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.10.1 due to insufficient input sanitization and output. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Mailarchiver
NVD VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-20266 HIGH This Week

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Jwt Attack Information Disclosure Emergency Responder Unified Communications Manager +1
NVD
CVSS 3.1
7.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy