Skip to main content
CVE-2023-42328 HIGH POC This Week

An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Peppermint
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-5036 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-42443 HIGH POC PATCH This Week

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-42387 HIGH POC This Week

An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a remote attacker to obtain sensitive information via get_db_info function in install.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Tdsql Chitu
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41443 HIGH POC This Week

SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Novel Plus
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-5033 HIGH POC This Week

A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rapidcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-5032 HIGH POC This Week

A vulnerability was found in OpenRapid RapidCMS 1.3.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rapidcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-39446 HIGH This Week

Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Modulys Gp Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40221 HIGH This Week

The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Modulys Gp Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-43115 HIGH This Week

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ghostscript Fedora
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2023-41349 HIGH This Week

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Rt Ax88U Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-34195 HIGH This Week

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Insydeh2o
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41595 HIGH This Week

An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass X Ui
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-39452 HIGH This Week

The web application that owns the device clearly stores the credentials within the user management section. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modulys Gp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41965 HIGH This Week

Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modulys Gp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32187 HIGH PATCH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service.24.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service K3S
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-42525 HIGH This Week

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42524 HIGH This Week

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42523 HIGH This Week

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42522 HIGH This Week

Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42521 HIGH This Week

Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42526 HIGH This Week

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42520 HIGH This Week

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-35851 HIGH This Week

SUNNET WMPro portal's FAQ function has insufficient validation for user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Wmpro
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41929 HIGH This Week

A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Microsoft Memory Card Ufd Authentication
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-34999 HIGH PATCH This Week

A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Command Injection Rts Vlink Virtual Matrix
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-35850 HIGH This Week

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wmpro
NVD
CVSS 3.1
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy