Skip to main content
CVE-2023-40868 HIGH POC This Week

Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Moosocial
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-42180 HIGH POC This Week

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lenosp
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-36250 HIGH POC This Week

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gnome Time Tracker
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-38205 HIGH POC KEV THREAT This Week

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Coldfusion
NVD
CVSS 3.1
7.5
EPSS
99.7%
CVE-2023-38891 HIGH This Week

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Vtiger Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2848 HIGH PATCH This Week

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Movim
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32643 HIGH This Week

A flaw was found in GLib. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Deserialization Heap Overflow Glib
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-38557 HIGH This Week

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Spectrum Power 7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-4516 HIGH PATCH This Week

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Authentication Bypass Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41267 HIGH PATCH This Week

In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Airflow Hdfs Provider
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-32636 HIGH This Week

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29499 HIGH This Week

A flaw was found in GLib. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1108 HIGH PATCH This Week

A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Build Of Quarkus Decision Manager Fuse Integration Camel K +12
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-25584 HIGH PATCH This Week

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-4814 HIGH This Week

A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Data Loss Prevention
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy