Skip to main content
CVE-2023-38146 HIGH POC PATCH THREAT Act Now

Windows Themes Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 11 21H2 Windows 11 22h2
NVD GitHub
CVSS 3.1
8.8
EPSS
39.5%
CVE-2023-4863 HIGH POC KEV PATCH THREAT This Week

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Google Chrome Fedora +10
NVD GitHub
CVSS 3.1
8.8
EPSS
99.7%
CVE-2023-4899 HIGH POC PATCH This Week

SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Anything Llm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-36745 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
81.1%
CVE-2023-4921 HIGH POC This Week

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-4914 HIGH POC PATCH This Week

Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Cecil
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-32558 HIGH POC This Week

The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Node Js
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-4898 HIGH POC PATCH This Week

Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Anything Llm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-4918 HIGH PATCH This Week

A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3711 HIGH This Week

Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.19.050004. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Honeywell Pm43 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38148 HIGH PATCH This Week

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Stack Overflow Buffer Overflow RCE Windows 10 21h2 Windows 10 22h2 +2
NVD
CVSS 3.1
8.8
EPSS
8.2%
CVE-2023-38147 HIGH PATCH This Week

Windows Miracast Wireless Display Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +9
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-36764 HIGH PATCH This Week

Microsoft SharePoint Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-33136 HIGH PATCH This Week

Azure DevOps Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft Azure Devops Server
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-4759 HIGH PATCH This Week

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Apple Microsoft Jgit
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-40731 HIGH This Week

A vulnerability has been identified in QMS Automotive (All versions < V12.39). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qms Automotive
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40730 HIGH This Week

A vulnerability has been identified in QMS Automotive (All versions < V12.39). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Qms Automotive
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40726 HIGH This Week

A vulnerability has been identified in QMS Automotive (All versions < V12.39). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Qms Automotive
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37881 HIGH This Week

Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Wing Ftp Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-37878 HIGH This Week

Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Wing Ftp Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-28831 HIGH This Week

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Simatic Cloud Connect 7 Cc712 Firmware Simatic Cloud Connect 7 Cc716 Firmware Simatic Drive Controller Cpu 1504D Tf Firmware +75
NVD
CVSS 4.0
8.7
EPSS
0.8%
CVE-2023-38155 HIGH PATCH This Week

Azure DevOps Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Azure Devops Server
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-36757 HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
68.6%
CVE-2023-36756 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
74.7%
CVE-2023-36744 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
81.7%
CVE-2023-3712 HIGH This Week

Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.19.050004. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Privilege Escalation Honeywell Pm43 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-38163 HIGH PATCH This Week

Windows Defender Attack Surface Reduction Security Feature Bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows Defender Security Intelligence Updates
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-38161 HIGH PATCH This Week

Windows GDI Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-38150 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 11 21H2 Windows 11 22h2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-38144 HIGH PATCH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2023-38143 HIGH PATCH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.8
EPSS
4.4%
CVE-2023-38142 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.8
EPSS
6.5%
CVE-2023-38141 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-38139 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-36804 HIGH PATCH This Week

Windows GDI Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-36802 HIGH KEV PATCH THREAT This Week

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1809 +6
NVD
CVSS 3.1
7.8
EPSS
26.1%
CVE-2023-36796 HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Net Framework Net Visual Studio 2017 +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-36794 HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Net Framework Net Visual Studio 2017 +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-36793 HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Net Framework Net +3
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-36792 HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Net Framework Net Visual Studio 2017 +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-36788 HIGH PATCH This Week

.NET Framework Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Net Framework
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-36773 HIGH PATCH This Week

3D Builder Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE 3D Builder
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-36772 HIGH PATCH This Week

3D Builder Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow 3D Builder
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-36771 HIGH PATCH This Week

3D Builder Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow 3D Builder
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-36770 HIGH PATCH This Week

3D Builder Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow 3D Builder
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-36760 HIGH PATCH This Week

3D Viewer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-36742 HIGH PATCH This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-36740 HIGH PATCH This Week

3D Viewer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-36739 HIGH PATCH This Week

3D Viewer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow 3D Viewer
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-35355 HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Stack Overflow Buffer Overflow Microsoft Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
7.8
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy