Skip to main content
CVE-2023-41255 HIGH This Week

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26578 HIGH This Week

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal File Upload Idweb
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-26219 HIGH This Week

The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hawk Hawk Distribution For Tibco Silver Fabric Operational Intelligence Hawk Redtail Runtime Agent
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-5363 HIGH PATCH This Week

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Debian Linux H300s Firmware H410s Firmware +3
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2023-46136 HIGH PATCH This Week

Werkzeug is a comprehensive WSGI web application library. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Werkzeug
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-4606 HIGH This Week

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx1331 Firmware +54
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-46654 HIGH PATCH This Week

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cloudbees Cd
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2023-5367 HIGH PATCH This Week

A out-of-bounds write flaw was found in the xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption X Server Xwayland +10
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-42856 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-42841 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-40423 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40404 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption macOS
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-5717 HIGH PATCH This Week

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Linux Privilege Escalation Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-5671 HIGH This Week

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Microsoft Print And Scan Doctor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43506 HIGH This Week

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Clearpass Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43488 HIGH This Week

The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41372 HIGH This Week

The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker -. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3112 HIGH This Week

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ai Virtual Presence Sensor Virtual Lock Sensor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42847 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-42844 HIGH This Week

This issue was addressed with improved handling of symlinks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-40445 HIGH This Week

The issue was addressed with improved UI handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-40401 HIGH This Week

The issue was addressed with additional permissions checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-32359 HIGH This Week

This issue was addressed with improved redaction of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5728 HIGH This Week

During garbage collection extra operations were performed on a object that should not be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +3
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-5724 HIGH This Week

Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-46346 HIGH This Week

In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Exportproducts
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46119 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Denial Of Service Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-42490 HIGH This Week

EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eisbaer Scada
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-42488 HIGH This Week

EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Eisbaer Scada
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39219 HIGH This Week

PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Pingfederate
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31582 HIGH PATCH This Week

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jose4J
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-27377 HIGH This Week

Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27376 HIGH This Week

Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27375 HIGH This Week

Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27259 HIGH This Week

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-27258 HIGH This Week

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-27257 HIGH This Week

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26580 HIGH This Week

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26576 HIGH This Week

Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26575 HIGH This Week

Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26574 HIGH This Week

Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26571 HIGH This Week

Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26570 HIGH This Week

Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4608 HIGH This Week

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx1331 Firmware +54
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2023-46124 HIGH PATCH This Week

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Fides
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-5574 HIGH PATCH This Week

A use-after-free flaw was found in xorg-x11-server-Xvfb. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption X Server Enterprise Linux
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-38041 HIGH This Week

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Secure Access Client
NVD
CVSS 3.1
7.0
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy