Skip to main content
CVE-2023-37635 CRITICAL POC Act Now

UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Community Skeleton
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-27152 CRITICAL POC Act Now

DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opnsense
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-5700 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-46603 HIGH POC This Week

In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Demoiccmax
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-46602 HIGH POC This Week

In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Demoiccmax
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-42295 HIGH POC This Week

An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Denial Of Service Openimageio
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-45966 HIGH POC This Week

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Remark42
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46122 HIGH POC PATCH This Week

sbt is a build tool for Scala, Java, and others. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Io Sbt
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-5701 MEDIUM POC This Month

A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vnote
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-5699 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5698 MEDIUM POC This Month

A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5697 MEDIUM POC This Month

A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28805 CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation.4.0.105. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-46322 CRITICAL Act Now

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iterm2
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46321 CRITICAL Act Now

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iterm2
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46332 MEDIUM POC This Month

WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Webassembly Binary Toolkit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-43358 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37636 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Uvdesk
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44760 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO &. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Concrete Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-33839 HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Security Verify Governance
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-27149 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Osticket
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27148 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Osticket
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5246 HIGH This Week

Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx0 Gent00000 Firmware Fx0 Gent00010 Firmware Fx0 Gent00030 Firmware Fx0 Get00000 Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5718 MEDIUM POC This Month

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Devtools
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-5633 HIGH PATCH This Week

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation VMware Linux Kernel Codeready Linux Builder Codeready Linux Builder Eus +19
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43066 HIGH This Week

Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28796 HIGH This Week

Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28795 HIGH This Week

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28793 HIGH This Week

Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection.3.1.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Code Injection Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-33517 HIGH This Week

carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Carrental
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-33837 HIGH PATCH This Week

IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-43045 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-43074 HIGH This Week

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43622 HIGH This Week

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Http Server
NVD
CVSS 3.1
7.5
EPSS
70.6%
CVE-2023-31122 HIGH This Week

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.4.57. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apache Debian Linux Http Server +1
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2023-46324 HIGH PATCH This Week

pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Udm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-46319 HIGH This Week

WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bastion
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28797 HIGH This Week

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-43067 MEDIUM This Month

Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Dell Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28803 MEDIUM This Month

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass.9. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Client Connector
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5702 MEDIUM POC THREAT This Month

A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vitogate 300 Firmware
NVD GitHub VulDB Exploit-DB
CVSS 3.1
6.5
EPSS
14.5%
CVE-2023-45802 MEDIUM This Month

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Http Server Fedora Debian Linux
NVD
CVSS 3.1
5.9
EPSS
3.0%
CVE-2023-46331 MEDIUM This Month

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Webassembly Binary Toolkit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-43624 MEDIUM This Month

CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Cx Designer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-45998 MEDIUM This Month

kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kodbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38722 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46127 MEDIUM PATCH This Month

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Frappe
NVD GitHub
CVSS 3.1
5.4
EPSS
37.0%
CVE-2023-43065 MEDIUM This Month

Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-28804 MEDIUM This Month

An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.4.0.105. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Client Connector
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-33840 MEDIUM PATCH This Month

IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Verify Governance
NVD
CVSS 3.1
4.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy