Skip to main content
CVE-2023-42793 CRITICAL POC KEV THREAT Emergency

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teamcity
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-40931 MEDIUM POC THREAT This Month

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.5%.

PHP SQLi Nagios Xi
NVD VulDB
CVSS 3.1
6.5
EPSS
13.5%
CVE-2023-41387 CRITICAL POC Act Now

A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple SQLi Flutter Downloader
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-26143 CRITICAL POC PATCH Act Now

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Blamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-32182 HIGH POC This Week

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Leap Linux Enterprise High Performance Computing Suse Linux Enterprise Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32184 HIGH POC This Week

A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Welcome
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5060 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-40933 HIGH This Week

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nagios Xi
NVD VulDB
CVSS 3.1
8.8
EPSS
5.3%
CVE-2023-4092 CRITICAL Act Now

SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SQLi Arconte Aurea
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-0773 CRITICAL Act Now

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ipc322Lb Sf28 A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-5009 CRITICAL Act Now

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
8.3%
CVE-2023-41599 MEDIUM POC THREAT This Month

An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Jfinalcms
NVD
CVSS 3.1
5.3
EPSS
11.2%
CVE-2023-40788 MEDIUM POC This Month

SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Springblade
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-29245 CRITICAL Act Now

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Cmc Guardian
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2023-4376 MEDIUM POC This Month

The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Serial Codes Generator And Validator With Woocommerce Support
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2995 MEDIUM POC This Month

The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Leyka
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22513 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Atlassian Bitbucket Data Center Bitbucket Server
NVD
CVSS 3.1
8.8
EPSS
14.3%
CVE-2023-2567 HIGH This Week

A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cmc Guardian
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2023-40934 HIGH This Week

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nagios Xi
NVD VulDB
CVSS 3.1
7.2
EPSS
6.1%
CVE-2023-4096 HIGH This Week

Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arconte Aurea
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-4094 HIGH This Week

ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arconte Aurea
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-32649 HIGH This Week

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cmc Guardian
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2023-38356 HIGH This Week

MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Power Data Recovery
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38355 HIGH This Week

MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Movie Maker
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38354 HIGH This Week

MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Shadowmaker
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38352 HIGH This Week

MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Partition Wizard
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38351 HIGH This Week

MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Partition Wizard
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-42451 HIGH PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mastodon
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-42450 HIGH PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Mastodon
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-42447 HIGH PATCH This Week

blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Blurhash Rs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42444 HIGH PATCH This Week

phonenumber is a library for parsing, formatting and validating international phone numbers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Phonenumber
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41890 HIGH PATCH This Week

Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Saml2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-32186 HIGH PATCH This Week

A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service.24.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rancher Rke2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3892 HIGH This Week

Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

XXE Assistant Client
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2023-41179 HIGH KEV THREAT This Week

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.2
EPSS
4.7%
CVE-2023-31808 HIGH This Week

Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tg670 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-42399 MEDIUM This Month

Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joditeditor
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4093 MEDIUM This Month

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arconte Aurea
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41834 MEDIUM This Month

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Flink Stateful Functions
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-38353 MEDIUM This Month

MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Power Data Recovery
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-5054 MEDIUM This Month

The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Authentication Bypass Super Store Finder
NVD VulDB
CVSS 3.1
5.8
EPSS
0.2%
CVE-2023-40932 MEDIUM This Month

A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD VulDB
CVSS 3.1
5.4
EPSS
2.0%
CVE-2023-43566 MEDIUM This Month

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-42452 MEDIUM PATCH This Month

Mastodon is a free, open-source social network server based on ActivityPub. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mastodon
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23957 MEDIUM This Month

An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Identity Portal
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-4095 MEDIUM This Month

User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arconte Aurea
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy