Skip to main content
CVE-2023-42270 HIGH POC This Week

Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Grocy
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-40958 HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-40957 HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-40956 HIGH POC This Week

A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Wesite Job Search
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-40955 HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-4987 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taskhub
NVD VulDB
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-4985 HIGH POC This Week

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Inplant Scada
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-41886 HIGH POC PATCH This Week

OpenRefine is a powerful free, open source tool for working with messy data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Openrefine
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38039 HIGH POC THREAT This Week

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora Windows 10 1809 Windows 10 21h2 +6
NVD
CVSS 3.1
7.5
EPSS
62.2%
CVE-2023-41325 HIGH POC PATCH This Week

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Op Tee
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2023-3891 HIGH POC This Week

Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Lapce
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-4665 HIGH This Week

Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Connect
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4664 HIGH This Week

Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Connect
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-4991 HIGH This Week

A vulnerability was found in NextBX QWAlerter 4.50. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nextbx Qwalerter
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36658 HIGH This Week

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Media Validation Agent Metadefender Kiosk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0813 HIGH This Week

A flaw was found in the Network Observability plugin for OpenShift console. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Network Observability
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-40018 HIGH This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36562 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
7.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy