Skip to main content
CVE-2023-38886 HIGH POC PATCH THREAT Act Now

An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.8%.

Command Injection RCE Dolibarr Erp Crm
NVD
CVSS 3.1
7.2
EPSS
31.8%
CVE-2023-38887 HIGH POC PATCH This Week

File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload RCE Dolibarr Erp Crm
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-43138 HIGH POC This Week

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tl Er5120G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-43137 HIGH POC This Week

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tl Er5120G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-42335 HIGH POC This Week

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Crew Dispatch
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-42331 HIGH POC This Week

A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Elite Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-43477 HIGH POC THREAT This Week

The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Arcadyan Lh1000 Firmware
NVD
CVSS 3.1
8.8
EPSS
15.7%
CVE-2023-36319 HIGH POC This Week

File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Openupload
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-41484 HIGH POC This Week

An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cimg
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-4853 HIGH POC PATCH This Week

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Quarkus Build Of Optaplanner Build Of Quarkus Decision Manager +8
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-43620 HIGH POC PATCH This Week

An issue was discovered in Croc through 9.6.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Croc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43619 HIGH POC PATCH This Week

An issue was discovered in Croc through 9.6.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Croc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-37279 HIGH POC PATCH This Week

Faktory is a language-agnostic persistent background job server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Faktory
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39677 HIGH POC THREAT This Week

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Product Catalog Csv Excel Import Updateproducts
NVD
CVSS 3.1
7.5
EPSS
30.8%
CVE-2023-42147 HIGH POC This Week

An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudexplorer Lite
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-42321 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP CSRF Icms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-43500 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Build Failure Analyzer
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-43496 HIGH PATCH This Week

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Jenkins
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-42660 HIGH This Week

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Moveit Transfer
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-43636 HIGH PATCH This Week

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Edge Virtualization Engine
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-43635 HIGH PATCH This Week

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Edge Virtualization Engine
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-43630 HIGH PATCH This Week

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Edge Virtualization Engine
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-2163 HIGH PATCH This Week

Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2023-31013 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31012 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31011 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31010 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Denial Of Service Dgx H100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-43498 HIGH PATCH This Week

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-43497 HIGH PATCH This Week

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins File Upload
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-25529 HIGH This Week

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nvidia Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-37410 HIGH PATCH This Week

IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation IBM Person Communications
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41902 HIGH This Week

An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Macupdater
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41375 HIGH This Week

Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Kostac Plc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41374 HIGH This Week

Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Kostac Plc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-4088 HIGH This Week

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Gx Works3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31015 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Authentication Bypass RCE Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31008 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25527 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Buffer Overflow Denial Of Service RCE Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5042 HIGH This Week

Sensitive information disclosure due to insecure folder permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Privilege Escalation Cyber Protect Home Office
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-4236 HIGH This Week

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Debian Linux H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-3341 HIGH PATCH This Week

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-25532 HIGH This Week

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-25525 HIGH This Week

NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Information Disclosure Authentication Bypass Cumulus Linux
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40043 HIGH This Week

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Moveit Transfer
NVD
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy