Skip to main content
CVE-2023-5521 CRITICAL POC PATCH Act Now

Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Kernelsu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43661 HIGH POC PATCH THREAT This Week

Cachet, the open-source status page system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Cachet
NVD GitHub
CVSS 3.1
8.8
EPSS
46.9%
CVE-2023-43960 HIGH POC This Week

An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation D-Link Dph 400se Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-35194 HIGH POC This Week

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2023-35193 HIGH POC This Week

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2023-34356 HIGH POC This Week

An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2023-28381 HIGH POC This Week

An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2023-27380 HIGH POC This Week

An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2023-5511 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Snipe It
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5535 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to v9.0.2010. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-38817 HIGH POC This Week

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Anti Cheat Tool
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5520 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2023-44961 HIGH POC This Week

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Koha Library Software
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-23930 HIGH POC PATCH This Week

vantage6 is privacy preserving federated learning infrastructure. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Vantage6
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-45132 CRITICAL PATCH Act Now

NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nginx Naxsi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35662 CRITICAL Act Now

there is a possible out of bounds write due to buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-35648 CRITICAL Act Now

In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-35647 CRITICAL Act Now

In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-35646 CRITICAL Act Now

In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-35968 CRITICAL Act Now

Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35967 CRITICAL Act Now

Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35966 CRITICAL Act Now

Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35965 CRITICAL Act Now

Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35056 CRITICAL Act Now

A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-35055 CRITICAL Act Now

A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-34426 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34365 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34346 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-32645 CRITICAL Act Now

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
53.8%
CVE-2023-32632 CRITICAL Act Now

A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-31272 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-24479 CRITICAL Act Now

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-44116 CRITICAL Act Now

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-44105 CRITICAL Act Now

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-44106 CRITICAL Act Now

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-34354 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Surf Soho Firmware
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-44962 MEDIUM POC This Month

File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Koha Library Software
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-44118 CRITICAL Act Now

Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-44107 CRITICAL Act Now

Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-44981 CRITICAL PATCH Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Zookeeper Debian Linux
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2023-5476 HIGH This Week

Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-5474 HIGH This Week

Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-5218 HIGH This Week

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-44997 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Forms Puzzle Captcha
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37536 HIGH This Week

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Xerces C Bigfix Platform Fedora
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-26320 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Command Injection Xiaomi Router Ax3200 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-3781 HIGH This Week

there is a possible use-after-free write due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40142 HIGH This Week

In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40141 HIGH This Week

In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-26370 HIGH This Week

Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Photoshop 2022 Photoshop 2023 +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy