Skip to main content
CVE-2023-43661 HIGH POC PATCH THREAT This Week

Cachet, the open-source status page system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Cachet
NVD GitHub
CVSS 3.1
8.8
EPSS
46.9%
CVE-2023-43960 HIGH POC This Week

An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation D-Link Dph 400se Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-35194 HIGH POC This Week

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2023-35193 HIGH POC This Week

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2023-34356 HIGH POC This Week

An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2023-28381 HIGH POC This Week

An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2023-27380 HIGH POC This Week

An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2023-5511 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Snipe It
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5535 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to v9.0.2010. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-38817 HIGH POC This Week

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Anti Cheat Tool
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5520 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2023-44961 HIGH POC This Week

SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Koha Library Software
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-23930 HIGH POC PATCH This Week

vantage6 is privacy preserving federated learning infrastructure. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Vantage6
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-5476 HIGH This Week

Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-5474 HIGH This Week

Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-5218 HIGH This Week

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-44997 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Forms Puzzle Captcha
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37536 HIGH This Week

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Xerces C Bigfix Platform Fedora
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-26320 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Command Injection Xiaomi Router Ax3200 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-3781 HIGH This Week

there is a possible use-after-free write due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40142 HIGH This Week

In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40141 HIGH This Week

In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-26370 HIGH This Week

Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Photoshop 2022 Photoshop 2023 +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42138 HIGH This Week

Out-of-bounds read vulnerability exists in KV STUDIO Ver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Kv Replay Viewer Kv Studio
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39325 HIGH PATCH This Week

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Http2 Fedora Astra Trident +1
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2023-44186 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-35661 HIGH This Week

In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-35652 HIGH This Week

In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-44119 HIGH This Week

Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-44114 HIGH This Week

Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44108 HIGH This Week

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44111 HIGH This Week

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44104 HIGH This Week

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44103 HIGH This Week

Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44101 HIGH This Week

The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-44100 HIGH This Week

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44097 HIGH This Week

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44095 HIGH This Week

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44109 HIGH This Week

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-44096 HIGH This Week

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44093 HIGH This Week

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-4990 HIGH This Week

Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Espeak Ng Mcl Net Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-35649 HIGH This Week

In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Samsung Android
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-26319 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Xiaomi Router Ax3200 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-26318 HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Xiaomi Router Ax3200 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy