Skip to main content
CVE-2023-5172 CRITICAL Act Now

A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5168 CRITICAL Act Now

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Microsoft Firefox +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44023 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44022 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44021 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44020 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44019 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44018 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
15.4%
CVE-2023-44017 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44016 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44015 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-44014 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44013 CRITICAL Act Now

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac10U Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-43154 CRITICAL Act Now

In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption PHP Authentication Bypass Macs Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-42461 CRITICAL Act Now

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-41878 CRITICAL PATCH Act Now

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Metersphere
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41320 CRITICAL Act Now

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
31.9%
CVE-2023-40400 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-3767 CRITICAL Act Now

An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Webserver
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-39375 CRITICAL Act Now

SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siberiancms
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-42657 CRITICAL Act Now

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ws Ftp Server
NVD
CVSS 3.1
9.6
EPSS
17.0%
CVE-2023-0833 MEDIUM POC This Month

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Okhttp A Mq Streams
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-43191 MEDIUM POC This Month

SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Springbootcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44048 MEDIUM POC This Month

Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expense Tracker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44042 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blackcat Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43857 MEDIUM POC This Month

Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dreamer Cms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43830 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43828 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43331 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Small Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44216 MEDIUM POC This Month

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Ubuntu Linux Ryzen 7 4800U Core I7 10510U Core I7 12700K +12
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2023-20186 CRITICAL Act Now

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass iOS Ios Xe
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-44206 CRITICAL Act Now

Sensitive information disclosure and manipulation due to improper authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Cyber Protect
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-44152 CRITICAL Act Now

Sensitive information disclosure and manipulation due to improper authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Cyber Protect
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-42462 CRITICAL Act Now

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Glpi
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-40436 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-43656 CRITICAL PATCH Act Now

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gitlab Atlassian Hookshot
NVD GitHub
CVSS 3.1
9.0
EPSS
0.3%
CVE-2023-4934 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aybs
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-43320 HIGH PATCH This Week

An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Backup Server Proxmox Mail Gateway Virtual Environment
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-33972 HIGH This Week

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Scylladb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-20254 HIGH PATCH This Week

A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Cisco Denial Of Service Authentication Bypass Sd Wan Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-20231 HIGH This Week

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5183 HIGH This Week

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Core Policy Compute Engine
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-43610 HIGH This Week

SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Welcart E Commerce
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-42819 HIGH PATCH This Week

JumpServer is an open source bastion host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jumpserver
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-41326 HIGH This Week

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
30.9%
CVE-2023-41324 HIGH This Week

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-41322 HIGH This Week

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-41074 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +5
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-40451 HIGH This Week

This issue was addressed with improved iframe sandbox enforcement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-39434 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
Prev Page 2 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy