Skip to main content
CVE-2023-43261 HIGH POC THREAT Act Now

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.1%.

Information Disclosure Ur5X Firmware Ur32L Firmware Ur32 Firmware Ur35 Firmware +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
60.1%
Threat
4.8
CVE-2023-43321 HIGH POC This Week

File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dcfw 1800 Sdc Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36618 HIGH POC This Week

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Session Border Controller
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2023-42809 HIGH POC PATCH This Week

Redisson is a Java Redis client that uses the Netty framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Redis Deserialization Redisson
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-42449 HIGH POC This Week

Hydra is the two-layer scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hydra
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-40299 HIGH POC PATCH This Week

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Insomnia
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-43838 HIGH POC This Week

An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Personal Management System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-43809 HIGH POC PATCH This Week

Soft Serve is a self-hostable Git server for the command line. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Soft Serve
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5377 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-20235 HIGH This Week

A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Path Traversal Apple Cisco Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40559 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Dynamic Pricing And Discount Rules For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40561 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF WordPress Enhanced Ecommerce Google Analytics For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27433 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Make Paths Relative
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25025 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Copyprotect Protect Your Blog Posts
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-4997 HIGH This Week

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Uptimedc
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3701 HIGH This Week

Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aqua Drive
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37995 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Copyprotect
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25980 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Optimize Database After Deleting Revisions
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25788 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25489 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Update Theme And Plugins From Zip File
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-3037 HIGH This Week

Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Helpdezk
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-39191 HIGH PATCH This Week

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

RCE Linux Linux Kernel Fedora Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-42448 HIGH PATCH This Week

Hydra is the layer-two scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Hydra
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-43804 HIGH PATCH This Week

urllib3 is a user-friendly HTTP client library for Python. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Urllib3 Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-1832 HIGH PATCH This Week

An improper access control flaw was found in Candlepin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Candlepin Satellite
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-43799 HIGH This Week

Altair is a GraphQL Client. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Altair
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44209 HIGH This Week

Local privilege escalation due to improper soft link handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Microsoft Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42824 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-4237 HIGH This Week

A flaw was found in the Ansible Automation Platform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Automation Platform Ansible Collection
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3665 HIGH This Week

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Denial Of Service Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22618 HIGH This Week

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nokia Authentication Bypass Wavelite Metro 200 And Fan Firmware Wavelite Metro 200 Ops And Fans Firmware Wavelite Metro 200 And F2B Fans Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30738 HIGH This Week

An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Galaxy Book Firmware Galaxy Book Pro Firmware Galaxy Book Pro 360 Firmware Galaxy Book Odyssey Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30733 HIGH This Week

Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30692 HIGH This Week

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30690 HIGH This Week

Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43805 HIGH PATCH This Week

Nexkey is a fork of Misskey, an open source, decentralized social media platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Nexkey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-43793 HIGH PATCH This Week

Misskey is an open source, decentralized social media platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Misskey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20259 HIGH This Week

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Emergency Responder Prime Collaboration Deployment Unified Communications Manager +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3361 HIGH This Week

A flaw was found in Red Hat OpenShift Data Science. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Red Hat Information Disclosure Python Open Data Hub Dashboard +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3038 HIGH This Week

SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Helpdezk
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3512 HIGH This Week

Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Conacwin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1584 HIGH PATCH This Week

A flaw was found in Quarkus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Quarkus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-30727 HIGH This Week

Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-4586 HIGH This Week

A vulnerability was found in the Hot Rod client. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Data Grid Hot Rod
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-2422 HIGH PATCH This Week

A flaw was found in Keycloak. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Openshift Container Platform Single Sign On
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-5369 HIGH This Week

Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy