Skip to main content
CVE-2023-38545 CRITICAL POC PATCH THREAT Act Now

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.2%.

Memory Corruption Buffer Overflow Libcurl Fedora Active Iq Unified Manager +10
NVD GitHub
CVSS 3.1
9.8
EPSS
26.2%
Threat
4.2
CVE-2023-45911 CRITICAL POC Act Now

An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Comscale
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5642 CRITICAL POC THREAT Act Now

Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure R Seenet
NVD
CVSS 3.1
9.8
EPSS
16.7%
CVE-2023-46007 CRITICAL POC Act Now

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46006 CRITICAL POC Act Now

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46005 CRITICAL POC Act Now

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5538 HIGH POC THREAT Act Now

The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

XSS WordPress Mpoperationlogs
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
11.2%
CVE-2023-5626 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Open Journal System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46009 HIGH POC This Week

gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gifsicle
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43250 HIGH POC This Week

XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Nconvert
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-45813 HIGH POC PATCH This Week

Torbot is an open source tor network intelligence tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Torbot Validators
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-45912 HIGH POC This Week

WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Comscale
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-42319 HIGH POC This Week

Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-46004 HIGH POC This Week

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Best Courier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-45146 CRITICAL Act Now

XXL-RPC is a high performance, distributed RPC framework. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Xxl Rpc
NVD GitHub
CVSS 3.1
10.0
EPSS
1.0%
CVE-2023-4601 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Information Disclosure System Configuration
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39332 CRITICAL Act Now

Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-35084 CRITICAL Act Now

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Deserialization Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-5631 MEDIUM POC KEV PATCH THREAT This Month

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Webmail Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
75.9%
CVE-2023-37502 HIGH This Week

HCL Compass is vulnerable to lack of file upload security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Hcl Compass
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-43800 HIGH PATCH This Week

Arduino Create Agent is a package to help manage Arduino development. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Create Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43802 HIGH PATCH This Week

Arduino Create Agent is a package to help manage Arduino development. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Create Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26300 HIGH PATCH This Week

A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation HP Desktop Pro A 300 G3 Firmware Desktop Pro A G3 Firmware Desktop Pro A G3 Microtower Firmware +86
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45812 HIGH PATCH This Week

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apollo Router Apollo Helms Charts Router
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35663 HIGH This Week

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-35656 HIGH This Week

In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-30911 HIGH This Week

HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integrated Lights Out 5 Firmware Integrated Lights Out 6 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-45383 HIGH PATCH This Week

In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sonice Etiquetage
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-45727 HIGH KEV THREAT This Week

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Proself
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2023-5632 HIGH PATCH This Week

In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mosquitto
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39331 HIGH This Week

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-38552 HIGH This Week

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Node Js Fedora
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-5552 HIGH This Week

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sophos Firewall
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43801 HIGH PATCH This Week

Arduino Create Agent is a package to help manage Arduino development. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Create Agent
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-43803 HIGH PATCH This Week

Arduino Create Agent is a package to help manage Arduino development. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Create Agent
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-45630 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gallery
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20261 MEDIUM This Month

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Sd Wan Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35083 MEDIUM This Month

Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-45909 MEDIUM PATCH This Month

zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Zzzphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45958 MEDIUM PATCH This Month

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Thirty Bees
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45632 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spidervplayer
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45602 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ebook Store
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30781 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tweeple
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45071 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Form Maker
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45070 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Form Maker
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45065 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bulk Noindex Nofollow Toolkit
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32089 MEDIUM This Month

Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Platform
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32088 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Platform
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32087 MEDIUM This Month

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Platform
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45064 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opcache Dashboard
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy