Skip to main content
CVE-2023-40850 HIGH POC This Week

netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ns Asg Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4928 HIGH POC PATCH This Week

SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Icms2
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-4916 HIGH This Week

The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Login With Phone Number
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-4153 HIGH This Week

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Ban Users
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-4213 HIGH This Week

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Simplr Registration Form Plus
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-36634 HIGH This Week

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortiap U
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-34984 HIGH This Week

A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiweb
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2680 HIGH This Week

This CVE exists because of an incomplete fix for CVE-2021-3750. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Red Hat Information Disclosure Memory Corruption Qemu +1
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-20236 HIGH This Week

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Jwt Attack Information Disclosure Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40717 HIGH This Week

A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortitester
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36642 HIGH This Week

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortitester
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26369 HIGH KEV THREAT This Week

Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
7.0%
CVE-2023-4785 HIGH PATCH This Week

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Google Grpc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20191 HIGH This Week

A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass Ios Xr
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4801 HIGH This Week

An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Apple Microsoft Insider Threat Management
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-39915 HIGH This Week

NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Routinator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-39914 HIGH PATCH This Week

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bcder
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41081 HIGH This Week

Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Authentication Bypass Tomcat Connectors
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-23845 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
CVSS 3.1
7.2
EPSS
5.4%
CVE-2023-23840 HIGH This Week

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
CVSS 3.1
7.2
EPSS
5.4%
CVE-2023-20135 HIGH This Week

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Cisco Apple Jwt Attack Ios Xr
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy