Skip to main content
CVE-2023-46748 HIGH POC KEV THREAT This Week

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Carrier Grade Nat Big Ip Ddos Hybrid Defender +16
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2023-5796 HIGH POC This Week

A vulnerability was found in CodeAstro POS System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pos System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5795 HIGH POC This Week

A vulnerability was found in CodeAstro POS System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pos System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5787 HIGH POC This Week

A vulnerability was found in Shaanxi Chanming Education Technology Score Query System 5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Score Query System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5786 HIGH POC This Week

A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Geowebcache
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-46449 HIGH POC This Week

Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Inventory Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5798 HIGH POC This Week

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Assistant
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45868 HIGH POC This Week

The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Ilias
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-43352 HIGH POC This Week

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Cms Made Simple
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5139 HIGH POC This Week

Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27170 HIGH POC This Week

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Write Back Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5785 HIGH POC This Week

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5783 HIGH POC This Week

A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33559 HIGH This Week

A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Ocomon
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5622 HIGH PATCH This Week

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Nessus Network Monitor
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-45317 HIGH This Week

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Analog Fm Transmitter Exc5000Gx Firmware Analog Fm Transmitter Exc120Gx Firmware Analog Fm Transmitter Exc300Gx Firmware Analog Fm Transmitter Exc1600Gx Firmware +11
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41966 HIGH This Week

The application suffers from a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Analog Fm Transmitter Exc5000Gx Firmware Analog Fm Transmitter Exc120Gx Firmware Analog Fm Transmitter Exc300Gx Firmware Analog Fm Transmitter Exc1600Gx Firmware +11
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5802 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin - WP Knowledgebase plugin <= 1.3.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Knowledgebase
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46663 HIGH This Week

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-46667 HIGH This Week

An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Fleet Server
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-39936 HIGH This Week

In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Graphite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39427 HIGH This Week

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cobalt Graphite +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5623 HIGH PATCH This Week

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Nessus Network Monitor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33558 HIGH PATCH This Week

An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Ocomon
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46662 HIGH This Week

Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31419 HIGH PATCH This Week

A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Denial Of Service Elastic Elasticsearch
NVD
CVSS 3.1
7.5
EPSS
60.7%
CVE-2023-31418 HIGH PATCH This Week

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Denial Of Service Elasticsearch Elastic Cloud Enterprise
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-46234 HIGH PATCH This Week

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Browserify Sign Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31421 HIGH This Week

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Beats Elastic Agent Apm Server +1
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-31422 HIGH This Week

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-46345 HIGH This Week

Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Catdoc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-43905 HIGH This Week

Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Writercms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-30967 HIGH This Week

Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Orbital Simulator
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5624 HIGH PATCH This Week

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Nessus Network Monitor
NVD
CVSS 3.1
7.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy