Skip to main content
CVE-2023-42261 HIGH POC PATCH This Week

Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Mobile Security Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-42280 HIGH POC This Week

mee-admin 1.5 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Mee Admin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-43274 HIGH POC This Week

Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Shopping Cart
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-43669 HIGH POC PATCH This Week

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tungstenite Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-4504 HIGH POC This Week

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Cups Libppd +2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2023-41993 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +11
NVD
CVSS 3.1
8.8
EPSS
29.2%
CVE-2023-43634 HIGH PATCH This Week

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-43633 HIGH PATCH This Week

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-43631 HIGH PATCH This Week

On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Edge Virtualization Engine
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5068 HIGH This Week

Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Diascreen
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41992 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2023-43637 HIGH PATCH This Week

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38343 HIGH This Week

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti SSRF XXE Endpoint Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-42482 HIGH This Week

Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Samsung Denial Of Service Memory Corruption Exynos 2200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-42805 HIGH PATCH This Week

quinn-proto is a state machine for the QUIC transport protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Quinn
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-42457 HIGH PATCH This Week

plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Nginx Rest
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-4152 HIGH This Week

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Frauscher Diagnostic System 101
NVD
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy