Skip to main content
CVE-2023-41640 HIGH POC This Week

An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Realgimm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-41638 HIGH POC This Week

An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Realgimm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-40576 HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-39354 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-39351 HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-39350 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Apache Denial Of Service Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-40589 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Freerdp Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-3677 HIGH PATCH This Week

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Woocommerce Pdf Invoice Builder
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2229 HIGH This Week

The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Rduplicator
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-3636 HIGH PATCH This Week

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

WordPress Privilege Escalation Wp Project Manager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-34392 HIGH This Week

A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sel 5037 Sel Grid Configurator
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41738 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Command Injection Router Manager
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-31173 HIGH This Week

Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sel 5037 Sel Grid Configurator
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-4299 HIGH This Week

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Realport Connectport Ts 8 16 Firmware Passport Firmware Connectport Lts 8 16 32 Firmware +16
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-31167 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft Sel 5036 Acselerator Bay Screen Builder
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-46869 HIGH This Week

Local privilege escalation during installation due to improper soft link handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Home Office
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-41743 HIGH This Week

Local privilege escalation due to insecure driver communication port permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Agent Cyber Protect Cyber Protect Home Office
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-41744 HIGH PATCH This Week

Local privilege escalation due to unrestricted loading of unsigned libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Apple Jwt Attack Agent Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-41749 HIGH This Week

Sensitive information disclosure due to excessive collection of system information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Agent Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41742 HIGH This Week

Excessive attack surface due to binding to an unrestricted IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Agent Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33835 HIGH PATCH This Week

IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Information Queue
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41741 HIGH PATCH This Week

Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synology Router Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20900 HIGH PATCH This Week

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure VMware Tools Open Vm Tools Fedora +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-3489 HIGH This Week

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-31172 HIGH This Week

An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sel 5030 Acselerator Quickset
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2023-2188 HIGH PATCH This Week

The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Colibri Page Builder
NVD VulDB
CVSS 3.1
7.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy