Skip to main content
CVE-2023-41631 HIGH POC This Week

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Esst Monitoring
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-45907 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45906 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45905 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45904 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45903 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45902 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45901 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-43959 HIGH POC This Week

An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Sip T19P E2 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-45375 HIGH POC THREAT This Week

In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pireospay
NVD
CVSS 3.1
8.8
EPSS
38.5%
CVE-2023-45811 HIGH POC PATCH This Week

Synchrony deobfuscator is a javascript cleaner & deobfuscator. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Prototype Pollution Synchrony
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-44824 HIGH POC This Week

An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Expense Management System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-36321 HIGH POC PATCH This Week

Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Dlt Daemon
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-41629 HIGH POC This Week

A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Esst Monitoring
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41715 HIGH This Week

SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Sonicos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-22087 HIGH PATCH This Week

Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Oracle Authentication Bypass Hospitality Opera 5 Property Services
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-22085 HIGH PATCH This Week

Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Hospitality Opera 5 Property Services
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-34210 HIGH This Week

SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mailhunter Ultimate
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-34207 HIGH This Week

Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mailhunter Ultimate
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-22102 HIGH PATCH This Week

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Mysql Connector J Oncommand Insight
NVD
CVSS 3.1
8.3
EPSS
0.9%
CVE-2023-22099 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Oracle Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-22098 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-22101 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-22100 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.9), this vulnerability is low attack complexity.

Oracle Authentication Bypass Vm Virtualbox
NVD
CVSS 3.1
7.9
EPSS
0.4%
CVE-2023-22094 HIGH PATCH This Week

Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Rated high severity (CVSS 7.9), this vulnerability is low attack complexity.

Oracle Denial Of Service Mysql Installer
NVD
CVSS 3.1
7.9
EPSS
0.3%
CVE-2023-42507 HIGH This Week

Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Onsinview2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42506 HIGH This Week

Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Onsinview2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-37537 HIGH This Week

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Appscan Presence
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20598 HIGH This Week

An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd Radeon Software
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-39902 HIGH PATCH This Week

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Uboot Secondary Program Loader
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-45810 HIGH PATCH This Week

OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Openfga
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41713 HIGH This Week

SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sonicos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22108 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22086 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Authentication Bypass Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22019 HIGH PATCH This Week

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Authentication Bypass Information Disclosure Oracle Http Server
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41752 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Fedora
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-39456 HIGH This Week

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.0.0 through 9.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Fedora
NVD
CVSS 3.1
7.5
EPSS
53.5%
CVE-2023-4215 HIGH This Week

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40373 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-40372 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-4399 HIGH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy