Skip to main content
CVE-2023-39358 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP SQLi Cacti +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-39357 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE SQLi Cacti Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-39359 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP SQLi Cacti +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-40918 HIGH POC This Week

KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Knowstreaming
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-41108 HIGH POC This Week

TEF portal 2023-07-17 is vulnerable to authenticated remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Tef Portal
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-4781 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Debian Linux macOS
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-31132 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft PHP Authentication Bypass Cacti
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34353 HIGH POC This Week

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-4748 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807.java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ufida Nc
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39362 HIGH POC THREAT This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Cacti Fedora
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
82.2%
CVE-2023-4763 HIGH This Week

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-4762 HIGH KEV PATCH THREAT This Week

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Google Chrome Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
38.0%
CVE-2023-2453 HIGH This Week

There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Phpfusion
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39448 HIGH PATCH This Week

Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Path Traversal Shirasagi
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-4761 HIGH This Week

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-34998 HIGH This Week

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-32615 HIGH This Week

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oas Platform
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-4487 HIGH This Week

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20898 HIGH PATCH This Week

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Rated high severity (CVSS 7.8). No vendor patch available.

Denial Of Service Salt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-33021 HIGH PATCH This Week

Memory corruption in Graphics while processing user packets for command submission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Apq8064au Firmware Aqt1000 Firmware +161
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28573 HIGH This Week

Memory corruption in WLAN HAL while parsing WMI command parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Firmware Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware +191
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28567 HIGH This Week

Memory corruption in WLAN HAL while handling command through WMI interfaces. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +281
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28565 HIGH This Week

Memory corruption in WLAN HAL while handling command streams through WMI interfaces. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 9205 Lte Firmware Apq8017 Firmware Apq8064au Firmware Apq8076 Firmware +288
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28564 HIGH This Week

Memory corruption in WLAN HAL while passing command parameters through WMI interfaces. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Aqt1000 Firmware Ar8031 Firmware Ar9380 Firmware +244
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28560 HIGH This Week

Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8076 Firmware Apq8084 Firmware Apq8092 Firmware Apq8094 Firmware +263
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28559 HIGH This Week

Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8031 Firmware Ar9380 Firmware Csr8811 Firmware +207
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28558 HIGH This Week

Memory corruption in WLAN handler while processing PhyID in Tx status handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +191
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28557 HIGH This Week

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +269
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28549 HIGH This Week

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware +216
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28548 HIGH PATCH This Week

Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware +175
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28544 HIGH This Week

Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar9380 Firmware Csr8811 Firmware Csra6620 Firmware +201
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28538 HIGH This Week

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Aqt1000 Firmware Csra6620 Firmware Csra6640 Firmware +127
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21664 HIGH This Week

Memory Corruption in Core Platform while printing the response buffer in log. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fsm10056 Firmware Ipq5010 Firmware +133
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21663 HIGH PATCH This Week

Memory Corruption while accessing metadata in Display. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Aqt1000 Firmware Qca6420 Firmware Qca6430 Firmware Qca6574au Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21662 HIGH This Week

Memory corruption in Core Platform while printing the response buffer in log. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fsm10056 Firmware Ipq5010 Firmware +132
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21655 HIGH PATCH This Week

Memory corruption in Audio while validating and mapping metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Qca6391 Firmware Qca6574au Firmware Qca6696 Firmware +28
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21654 HIGH PATCH This Week

Memory corruption in Audio during playback session with audio effects enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Apq8096Au Firmware Aqt1000 Firmware Mdm9150 Firmware Mdm9628 Firmware +52
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21644 HIGH This Week

Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Qca6390 Firmware Qca6391 Firmware Qca6420 Firmware +47
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21636 HIGH This Week

Memory Corruption due to improper validation of array index in Linux while updating adn record. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Qca6390 Firmware Qca6391 Firmware Qca6420 Firmware +47
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-4540 HIGH PATCH This Week

Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Lua Http
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-41909 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-33020 HIGH PATCH This Week

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass 9206 Lte Firmware Apq8017 Firmware Apq8052 Firmware Apq8056 Firmware +78
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33019 HIGH PATCH This Week

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass 9206 Lte Firmware Apq8017 Firmware Apq8052 Firmware Apq8056 Firmware +78
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33016 HIGH This Week

Transient DOS in WLAN firmware while parsing MLO (multi-link operation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Csr8811 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Immersive Home 214 Firmware +62
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33015 HIGH This Week

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5G Firmware Aqt1000 Firmware Ar8035 Firmware Ar9380 Firmware +186
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-28584 HIGH PATCH This Week

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Aqt1000 Firmware Csrb31024 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +66
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-21653 HIGH This Week

Transient DOS in Modem while processing RRC reconfiguration message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ar8035 Firmware Qca8081 Firmware Qca8337 Firmware Qcn6024 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-21646 HIGH This Week

Transient DOS in Modem while processing invalid System Information Block 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ar8035 Firmware Qca6390 Firmware Qca6391 Firmware Qca6574a Firmware +50
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-35906 HIGH PATCH This Week

IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-3375 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Command Injection
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy