Skip to main content
CVE-2023-43345 HIGH POC This Week

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Quick Cms
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2023-27791 HIGH POC This Week

An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Privilege Escalation Easyinstall
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-30132 HIGH POC This Week

An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Easyinstall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27795 HIGH POC This Week

An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Easyinstall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27793 HIGH POC This Week

An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Easyinstall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27792 HIGH POC This Week

An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Easyinstall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38128 HIGH POC This Week

An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Easy Postcard Max Ichitaro 2021 +17
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-38127 HIGH POC This Week

An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Easy Postcard Max Ichitaro 2021 +17
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-34366 HIGH POC This Week

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Buffer Overflow Easy Postcard Max +18
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-35126 HIGH POC This Week

An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Easy Postcard Max Ichitaro 2021 Ichitaro 2022 +16
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-43251 HIGH POC This Week

XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Nconvert
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-43252 HIGH POC This Week

XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nconvert
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-44690 HIGH POC This Week

Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mycli
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-45277 HIGH POC PATCH This Week

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Yamcs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-5336 HIGH PATCH This Week

The iPanorama 360 - WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Ipanorama 360 Wordpress Virtual Tour Builder
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44385 HIGH This Week

The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple CSRF Home Assistant Companion
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-40145 HIGH This Week

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cmt Fhd Firmware Cmt Hdm Firmware Cmt3071 Firmware Cmt3072 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-42435 HIGH This Week

The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dexgate
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41089 HIGH This Week

The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dexgate
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-35186 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-35180 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
27.4%
CVE-2023-46229 HIGH PATCH This Week

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Langchain
NVD GitHub
CVSS 3.1
8.8
EPSS
44.7%
CVE-2023-34441 HIGH This Week

Baker Hughes - Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bentley Nevada 3500 System Firmware
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-41898 HIGH This Week

Home assistant is an open source home automation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Google Home Assistant Companion
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5059 HIGH This Week

Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Fft Imaging
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39431 HIGH This Week

Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35986 HIGH This Week

Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35183 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Access Rights Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35181 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Access Rights Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45883 HIGH This Week

A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Microsoft Qumu
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-46228 HIGH PATCH This Week

zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Zchunk
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-45823 HIGH PATCH This Week

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Hub
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46227 HIGH PATCH This Week

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.8.0, the attacker can use \t to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-34437 HIGH This Week

Baker Hughes - Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bentley Nevada 3500 System Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41899 HIGH This Week

Home assistant is an open source home automation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Home Assistant
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy