Skip to main content
CVE-2023-38346 HIGH POC PATCH This Week

An issue was discovered in Wind River VxWorks 6.9 and 7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Vxworks
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-42821 HIGH POC PATCH This Week

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Denial Of Service Markdown
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-43783 HIGH POC This Week

Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cadence
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31718 HIGH POC This Week

FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure Fuxa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-31717 HIGH POC This Week

A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fuxa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-41031 HIGH This Week

Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rx4 1500 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-41029 HIGH This Week

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rx4 1500 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-41027 HIGH This Week

Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rx4 1500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5002 HIGH PATCH This Week

A flaw was found in pgAdmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PostgreSQL Command Injection Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-23362 HIGH This Week

An OS command injection vulnerability has been reported to affect QNAP operating systems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero Qutscloud
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-34319 HIGH PATCH This Week

The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Xen Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43766 HIGH This Week

Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43784 HIGH This Week

Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Onyx
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43767 HIGH This Week

Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43765 HIGH This Week

Certain WithSecure products allow Denial of Service in the aeelf component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43761 HIGH This Week

Certain WithSecure products allow Denial of Service (infinite loop). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43760 HIGH This Week

Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31716 HIGH This Week

FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Fuxa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy