Skip to main content
CVE-2023-39780 HIGH POC KEV THREAT This Week

On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rt Ax55 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
33.6%
CVE-2023-38829 HIGH POC This Week

An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wf2409E Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-39070 HIGH POC This Week

An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Cppcheck
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39063 HIGH POC This Week

Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Raidenftpd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-31468 HIGH POC This Week

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Visiwin 7
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-41879 HIGH POC PATCH This Week

Magento LTS is the official OpenMage LTS codebase. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Magento
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-4278 HIGH POC This Week

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Masterstudy Lms
NVD WPScan Exploit-DB
CVSS 3.1
7.5
EPSS
3.5%
CVE-2023-4314 HIGH POC This Week

The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Wpdatatables
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-27470 HIGH POC This Week

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Information Disclosure Take Control
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-35684 HIGH PATCH This Week

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-35673 HIGH This Week

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-35658 HIGH PATCH This Week

In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Privilege Escalation RCE Memory Corruption +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-36497 HIGH This Week

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Maglink Lx Web Console Configuration
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3612 HIGH This Week

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Home
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-4585 HIGH This Week

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4584 HIGH This Week

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4582 HIGH This Week

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on mac OS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Apple Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4816 HIGH This Week

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Asset Suite
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-4576 HIGH This Week

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Mozilla Microsoft Information Disclosure +3
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2023-35687 HIGH PATCH This Week

In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35682 HIGH This Week

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35676 HIGH This Week

In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35674 HIGH KEV PATCH THREAT This Week

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2023-35670 HIGH PATCH This Week

In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Path Traversal Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35669 HIGH PATCH This Week

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Privilege Escalation Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35667 HIGH PATCH This Week

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35666 HIGH PATCH This Week

In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35665 HIGH PATCH This Week

In multiple files, there is a possible way to import a contact from another user due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39227 HIGH This Week

​Softneta MedDream PACS stores usernames and passwords in plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meddream Pacs
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-38256 HIGH This Week

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 vulnerable to a path traversal attack, which could allow an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Maglink Lx Web Console Configuration
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39068 HIGH This Week

Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nb080S09S Klc Firmware Nbd80N32Ra Kl V3 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36161 HIGH This Week

An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Smart Plug 10A Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4583 HIGH This Week

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38743 HIGH This Week

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
7.2
EPSS
11.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy