Skip to main content
CVE-2023-22515 CRITICAL POC KEV EUVD KEV THREAT Emergency

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Atlassian Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
94.3%
Threat
9.8
CVE-2023-43261 HIGH POC THREAT Act Now

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.1%.

Information Disclosure Ur5X Firmware Ur32L Firmware Ur32 Firmware Ur35 Firmware +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
60.1%
Threat
4.8
CVE-2023-36619 CRITICAL POC Act Now

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Border Controller
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-5374 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5373 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38701 CRITICAL POC Act Now

Hydra is the layer-two scalability solution for Cardano. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hydra
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-43321 HIGH POC This Week

File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dcfw 1800 Sdc Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36618 HIGH POC This Week

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Session Border Controller
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2023-42809 HIGH POC PATCH This Week

Redisson is a Java Redis client that uses the Netty framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Redis Deserialization Redisson
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-42449 HIGH POC This Week

Hydra is the two-layer scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hydra
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-40299 HIGH POC PATCH This Week

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Insomnia
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-43838 HIGH POC This Week

An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Personal Management System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-43809 HIGH POC PATCH This Week

Soft Serve is a self-hostable Git server for the command line. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Soft Serve
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5377 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-5371 MEDIUM POC This Month

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-42808 MEDIUM POC This Month

Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla XSS Common Voice
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-27121 MEDIUM POC THREAT This Month

A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pleasant Password Server
NVD
CVSS 3.1
6.1
EPSS
21.3%
CVE-2023-5375 MEDIUM POC PATCH THREAT This Month

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Mosparo
NVD GitHub
CVSS 3.1
6.1
EPSS
33.6%
CVE-2023-35803 CRITICAL Act Now

IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Iq Engine
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-41094 CRITICAL Act Now

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emberznet
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5399 CRITICAL Act Now

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Spacelogic C Bus Toolkit
NVD
CVSS 3.1
9.8
EPSS
38.5%
CVE-2023-5391 CRITICAL Act Now

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Ecostruxure Power Monitoring Expert Ecostruxure Power Operation With Advanced Reports Ecostruxure Power Scada Operation With Advanced Reports
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5402 CRITICAL Act Now

A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE C Bus Toolkit
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20101 CRITICAL Act Now

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Emergency Responder
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-4494 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Easy Chat Server
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-4491 CRITICAL Act Now

Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Easy Address Book Web Server
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2809 CRITICAL Act Now

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sage 200 Spain
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-37404 CRITICAL PATCH Act Now

IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE IBM Observability With Instana
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-44075 MEDIUM POC This Month

Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Small Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44208 CRITICAL Act Now

Sensitive information disclosure and manipulation due to missing authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Authentication Bypass Cyber Protect Home Office
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2023-43877 MEDIUM POC This Month

Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ritecms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-20235 HIGH This Week

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Path Traversal Apple Cisco Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40559 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Dynamic Pricing And Discount Rules For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40561 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF WordPress Enhanced Ecommerce Google Analytics For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27433 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Make Paths Relative
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25025 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Copyprotect Protect Your Blog Posts
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-4997 HIGH This Week

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Uptimedc
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3701 HIGH This Week

Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aqua Drive
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37995 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Copyprotect
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25980 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Optimize Database After Deleting Revisions
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25788 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25489 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Update Theme And Plugins From Zip File
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-3037 HIGH This Week

Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Helpdezk
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-39191 HIGH PATCH This Week

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

RCE Linux Linux Kernel Fedora Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-42448 HIGH PATCH This Week

Hydra is the layer-two scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Hydra
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-43804 HIGH PATCH This Week

urllib3 is a user-friendly HTTP client library for Python. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Urllib3 Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-1832 HIGH PATCH This Week

An improper access control flaw was found in Candlepin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Candlepin Satellite
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-43799 HIGH This Week

Altair is a GraphQL Client. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Altair
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44209 HIGH This Week

Local privilege escalation due to improper soft link handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Microsoft Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42824 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
7.8
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy