Skip to main content
CVE-2023-39378 HIGH This Week

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Siberiancms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-35074 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-28055 HIGH PATCH This Week

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Denial Of Service Dell Authentication Bypass Networker
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-20176 HIGH This Week

A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Catalyst 9166 Firmware Catalyst 9164 Firmware Catalyst 9136 Firmware +2
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2023-20033 HIGH This Week

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2023-40448 HIGH This Week

The issue was addressed with improved handling of protocols. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2023-4423 MEDIUM POC PATCH This Month

The WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Wp Event Manager
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-20223 HIGH This Week

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Dna Center
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-43125 HIGH This Week

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-42820 HIGH PATCH This Week

JumpServer is an open source bastion host. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jumpserver
NVD GitHub
CVSS 3.1
8.2
EPSS
5.4%
CVE-2023-43660 HIGH PATCH This Week

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Warpgate
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-44154 HIGH This Week

Sensitive information disclosure and manipulation due to improper authorization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Cyber Protect
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-41333 HIGH PATCH This Week

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Kubernetes Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-32458 HIGH PATCH This Week

Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Authentication Bypass Appsync
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44157 HIGH This Week

Local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44125 HIGH This Week

The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-44123 HIGH This Week

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-44122 HIGH This Week

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-43825 HIGH This Week

Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute an arbitrary code by having a legitimate user import a specially crafted backup file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Shihonkanri Plus
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42486 HIGH This Week

Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41995 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-41984 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-41174 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-41071 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-41068 HIGH This Week

An access issue was addressed with improved access restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-41063 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-40443 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40432 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40431 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40419 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40412 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40409 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38615 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32396 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Xcode Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32377 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43856 HIGH This Week

Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Dreamer Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43314 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zyxel Pmg2005 T20B Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20262 HIGH This Week

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20227 HIGH This Week

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20226 HIGH This Week

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20187 HIGH This Week

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20034 HIGH PATCH This Week

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Elastic Cisco Authentication Bypass Sd Wan
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-4129 HIGH This Week

Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Data Protection Central
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-5173 HIGH This Week

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5157 HIGH This Week

A vulnerability was found in MariaDB. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service MariaDB Fedora Enterprise Linux Enterprise Linux Eus +8
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-44159 HIGH This Week

Sensitive information disclosure due to cleartext storage of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44158 HIGH This Week

Sensitive information disclosure due to insufficient token field masking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-44156 HIGH This Week

Sensitive information disclosure due to spell-jacking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44155 HIGH This Week

Sensitive information leak through log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-44153 HIGH This Week

Sensitive information disclosure due to cleartext storage of sensitive information in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.3%
Prev Page 3 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy