Skip to main content
CVE-2023-2262 CRITICAL Act Now

A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Rockwell RCE 1756 En2T Series A Firmware +32
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-42464 CRITICAL PATCH Act Now

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Netatalk Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-31009 CRITICAL Act Now

NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Denial Of Service Dgx H100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-25534 CRITICAL Act Now

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Denial Of Service Dgx H100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-25533 CRITICAL Act Now

NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-25531 CRITICAL Act Now

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Denial Of Service Dgx H100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-25530 CRITICAL Act Now

NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Denial Of Service Dgx H100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-25528 CRITICAL Act Now

NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Buffer Overflow Denial Of Service RCE Stack Overflow +2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43616 MEDIUM POC PATCH This Month

An issue was discovered in Croc through 9.6.5. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Croc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-36234 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43377 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP SQLi Hoteldruid
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43376 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hoteldruid
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22644 CRITICAL PATCH Act Now

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Manager Server
NVD GitHub
CVSS 4.0
9.4
EPSS
0.5%
CVE-2023-39575 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Arp Guard
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-43618 MEDIUM POC PATCH This Month

An issue was discovered in Croc through 9.6.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Croc
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-43617 MEDIUM POC PATCH This Month

An issue was discovered in Croc through 9.6.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Croc
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-26144 MEDIUM POC PATCH This Month

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Graphql
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-0462 CRITICAL Act Now

An arbitrary code execution flaw was found in Foreman. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Foreman Satellite
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-0118 CRITICAL Act Now

An arbitrary code execution flaw was found in Foreman. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Foreman Satellite
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2023-0829 CRITICAL Act Now

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plesk
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2023-42321 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP CSRF Icms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-43500 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Build Failure Analyzer
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-43496 HIGH PATCH This Week

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Jenkins
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-42660 HIGH This Week

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Moveit Transfer
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-43636 HIGH PATCH This Week

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Edge Virtualization Engine
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-43635 HIGH PATCH This Week

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Edge Virtualization Engine
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-43630 HIGH PATCH This Week

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Edge Virtualization Engine
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-2163 HIGH PATCH This Week

Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2023-31013 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31012 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31011 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31010 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Denial Of Service Dgx H100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-43621 MEDIUM POC PATCH This Month

An issue was discovered in Croc through 9.6.5. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Croc
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-43498 HIGH PATCH This Week

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-43497 HIGH PATCH This Week

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins File Upload
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-25529 HIGH This Week

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-37410 HIGH PATCH This Week

IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation IBM Person Communications
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41902 HIGH This Week

An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Macupdater
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41375 HIGH This Week

Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Kostac Plc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41374 HIGH This Week

Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Kostac Plc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-4088 HIGH This Week

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Gx Works3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31015 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Authentication Bypass RCE Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31008 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25527 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Buffer Overflow Denial Of Service RCE Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5042 HIGH This Week

Sensitive information disclosure due to insecure folder permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Privilege Escalation Cyber Protect Home Office
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-4236 HIGH This Week

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Debian Linux H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-3341 HIGH PATCH This Week

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-25532 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-25525 HIGH This Week

NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Authentication Bypass Cumulus Linux
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40043 HIGH This Week

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Moveit Transfer
NVD
CVSS 3.1
7.2
EPSS
0.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy