Skip to main content
CVE-2023-32182 HIGH POC This Week

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Leap Linux Enterprise High Performance Computing Suse Linux Enterprise Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32184 HIGH POC This Week

A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Welcome
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40933 HIGH This Week

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nagios Xi
NVD VulDB
CVSS 3.1
8.8
EPSS
5.3%
CVE-2023-22513 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Atlassian Bitbucket Data Center Bitbucket Server
NVD
CVSS 3.1
8.8
EPSS
14.3%
CVE-2023-2567 HIGH This Week

A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cmc Guardian
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2023-40934 HIGH This Week

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nagios Xi
NVD VulDB
CVSS 3.1
7.2
EPSS
6.1%
CVE-2023-4096 HIGH This Week

Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arconte Aurea
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-4094 HIGH This Week

ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Arconte Aurea
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-32649 HIGH This Week

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cmc Guardian
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2023-38356 HIGH This Week

MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Power Data Recovery
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38355 HIGH This Week

MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Movie Maker
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38354 HIGH This Week

MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Shadowmaker
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38352 HIGH This Week

MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Partition Wizard
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38351 HIGH This Week

MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Partition Wizard
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-42451 HIGH PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mastodon
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-42450 HIGH PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Mastodon
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-42447 HIGH PATCH This Week

blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Blurhash Rs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42444 HIGH PATCH This Week

phonenumber is a library for parsing, formatting and validating international phone numbers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Phonenumber
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41890 HIGH PATCH This Week

Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Saml2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-32186 HIGH PATCH This Week

A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service.24.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rancher Rke2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3892 HIGH This Week

Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

XXE Assistant Client
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2023-41179 HIGH KEV THREAT This Week

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.2
EPSS
4.7%
CVE-2023-31808 HIGH This Week

Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tg670 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy