Skip to main content
CVE-2023-40574 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache Freerdp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-40569 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-40567 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-40187 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Apache Information Disclosure Memory Corruption Freerdp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-40186 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Apache Buffer Overflow Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39352 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-39355 CRITICAL POC PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Apache Denial Of Service Memory Corruption Freerdp +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-41637 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Realgimm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-41636 CRITICAL POC Act Now

A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Realgimm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-40575 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2023-40188 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-40181 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2023-39356 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2023-39353 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-41640 HIGH POC This Week

An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Realgimm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-41638 HIGH POC This Week

An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Realgimm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-40576 HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-39354 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-39351 HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-39350 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Apache Denial Of Service Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-40589 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Freerdp Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-41635 MEDIUM POC This Month

A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Realgimm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-41642 MEDIUM POC This Month

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Realgimm
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-4655 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Instantcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3162 CRITICAL PATCH Act Now

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Stripe Payment Plugin For Woocommerce
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-41748 CRITICAL Act Now

Remote command execution due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cloud Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-41746 CRITICAL Act Now

Remote command execution due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cloud Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-41034 CRITICAL PATCH Act Now

Eclipse Leshan is a device management server and client Java implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Leshan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-31175 CRITICAL Act Now

An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Sel 5037 Sel Grid Configurator
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-28801 CRITICAL Act Now

An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.2 before 6.2r. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Zscaler Internet Access Admin Portal
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-31424 CRITICAL Act Now

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brocade Sannav
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4683 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4682 MEDIUM POC PATCH This Month

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4681 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4678 MEDIUM POC PATCH This Month

Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-41717 MEDIUM POC This Month

Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Zscaler Proxy
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-4652 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Instantcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4651 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Instantcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-4649 MEDIUM POC PATCH This Month

Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Session Fixation Instantcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41045 MEDIUM POC PATCH This Month

Graylog is a free and open log management platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Graylog
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-3677 HIGH PATCH This Week

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Woocommerce Pdf Invoice Builder
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2229 HIGH This Week

The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Rduplicator
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-3636 HIGH PATCH This Week

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

WordPress Privilege Escalation Wp Project Manager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-34392 HIGH This Week

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sel 5037 Sel Grid Configurator
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41738 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Command Injection Router Manager
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-4653 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Instantcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4650 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Instantcms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2023-31173 HIGH This Week

Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sel 5037 Sel Grid Configurator
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-4299 HIGH This Week

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Realport Connectport Ts 8 16 Firmware Passport Firmware Connectport Lts 8 16 32 Firmware +16
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-31167 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Sel 5036 Acselerator Bay Screen Builder
NVD
CVSS 3.1
8.1
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy