Skip to main content
CVE-2023-40044 HIGH POC KEV THREAT Act Now

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Ws Ftp Server
NVD
CVSS 3.1
8.8
EPSS
90.1%
CVE-2023-41452 HIGH POC This Week

Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-43192 HIGH POC This Week

SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springbootcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5184 HIGH POC This Week

Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-35793 HIGH POC This Week

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Access Controller
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2315 HIGH POC PATCH This Week

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Opencart
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32541 HIGH POC This Week

A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Microsoft Hancom Office 2020
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-43646 HIGH POC PATCH This Week

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Get Func Name
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-43381 HIGH POC This Week

SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blog
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-42460 HIGH POC PATCH This Week

Vyper is a Pythonic Smart Contract Language for the EVM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0456 HIGH POC This Week

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apicast
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-43650 HIGH POC This Week

JumpServer is an open source bastion host. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Jumpserver
NVD GitHub
CVSS 3.1
7.4
EPSS
0.5%
CVE-2023-44047 HIGH POC This Week

Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Toll Tax Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-44044 HIGH POC This Week

Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Super Store Finder
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-4934 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aybs
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-43320 HIGH PATCH This Week

An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Backup Server Proxmox Mail Gateway Virtual Environment
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-33972 HIGH This Week

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Scylladb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-20254 HIGH PATCH This Week

A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Cisco Denial Of Service Authentication Bypass Sd Wan Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-20231 HIGH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5183 HIGH This Week

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Core Policy Compute Engine
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-43610 HIGH This Week

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Welcart E Commerce
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-42819 HIGH PATCH This Week

JumpServer is an open source bastion host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jumpserver
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-41326 HIGH This Week

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
30.9%
CVE-2023-41324 HIGH This Week

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-41322 HIGH This Week

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-41074 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +5
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-40451 HIGH This Week

This issue was addressed with improved iframe sandbox enforcement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-39434 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-39378 HIGH This Week

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Siberiancms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-35074 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-28055 HIGH PATCH This Week

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Denial Of Service Dell Authentication Bypass Networker
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-20176 HIGH This Week

A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Catalyst 9166 Firmware Catalyst 9164 Firmware Catalyst 9136 Firmware +2
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2023-20033 HIGH This Week

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2023-40448 HIGH This Week

The issue was addressed with improved handling of protocols. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2023-20223 HIGH This Week

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Dna Center
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-43125 HIGH This Week

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-42820 HIGH PATCH This Week

JumpServer is an open source bastion host. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jumpserver
NVD GitHub
CVSS 3.1
8.2
EPSS
5.4%
CVE-2023-43660 HIGH PATCH This Week

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Warpgate
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-44154 HIGH This Week

Sensitive information disclosure and manipulation due to improper authorization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Cyber Protect
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-41333 HIGH PATCH This Week

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Kubernetes Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-32458 HIGH PATCH This Week

Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Authentication Bypass Appsync
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44157 HIGH This Week

Local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44125 HIGH This Week

The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-44123 HIGH This Week

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-44122 HIGH This Week

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-43825 HIGH This Week

Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute an arbitrary code by having a legitimate user import a specially crafted backup file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Shihonkanri Plus
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42486 HIGH This Week

Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41995 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-41984 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-41174 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy