Skip to main content
CVE-2023-41892 CRITICAL POC PATCH THREAT Act Now

Craft CMS is a platform for creating digital experiences. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Craft Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
92.9%
CVE-2023-40850 HIGH POC This Week

netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ns Asg Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4928 HIGH POC PATCH This Week

SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Icms2
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-4568 MEDIUM POC This Month

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Papercut Ng
NVD
CVSS 3.1
6.5
EPSS
3.6%
CVE-2023-3935 CRITICAL Act Now

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Codemeter Runtime Oseon Programmingtube +21
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-42468 MEDIUM POC This Month

The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Color Phone
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-20190 MEDIUM POC This Month

A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cisco Apple Ios Xr
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-4039 MEDIUM POC This Month

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Gcc
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-4916 HIGH This Week

The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Login With Phone Number
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-4153 HIGH This Week

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Ban Users
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-4213 HIGH This Week

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Simplr Registration Form Plus
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-36634 HIGH This Week

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortiap U
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-34984 HIGH This Week

A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiweb
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2680 HIGH This Week

This CVE exists because of an incomplete fix for CVE-2021-3750. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Red Hat Information Disclosure Memory Corruption Qemu +1
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-20236 HIGH This Week

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Jwt Attack Information Disclosure Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40717 HIGH This Week

A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortitester
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36642 HIGH This Week

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortitester
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26369 HIGH KEV THREAT This Week

Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
7.0%
CVE-2023-4785 HIGH PATCH This Week

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Google Grpc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20191 HIGH This Week

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass Ios Xr
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4801 HIGH This Week

An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Apple Microsoft Insider Threat Management
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-39915 HIGH This Week

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Routinator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-39914 HIGH PATCH This Week

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bcder
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41081 HIGH This Week

Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Authentication Bypass Tomcat Connectors
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-42469 LOW POC Monitor

The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Full Dialer
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-23845 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
CVSS 3.1
7.2
EPSS
5.4%
CVE-2023-23840 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
CVSS 3.1
7.2
EPSS
5.4%
CVE-2023-20135 HIGH This Week

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Cisco Apple Jwt Attack Ios Xr
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-3255 MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-20233 MEDIUM This Month

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Null Pointer Dereference Apple Ios Xr
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-39916 MEDIUM PATCH This Month

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Routinator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25608 MEDIUM This Month

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortiap Fortiap C Fortiap U Fortiap W2
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4400 MEDIUM This Month

A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Secure Web Gateway
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-41162 MEDIUM This Month

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40617 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Head Start
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-29306 MEDIUM This Month

Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29305 MEDIUM This Month

Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4155 MEDIUM PATCH This Month

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. Rated medium severity (CVSS 5.6).

Amd Denial Of Service Linux Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2023-3301 MEDIUM PATCH This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.6).

Denial Of Service Qemu Enterprise Linux
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2023-3280 MEDIUM This Month

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto Microsoft Cortex Xdr Agent
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40715 MEDIUM This Month

A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortitester
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41158 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41155 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41154 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41152 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3588 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamwork Cloud No Magic Release
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38215 MEDIUM This Month

Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38214 MEDIUM This Month

Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29183 MEDIUM This Month

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet RCE XSS Fortiproxy Fortios
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-4917 MEDIUM This Month

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leyka_ajax_get_env_and_options' function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure WordPress Leyka
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy