Skip to main content
CVE-2023-46818 HIGH POC PATCH THREAT Act Now

An issue was discovered in ISPConfig before 3.2.11p1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Ispconfig
NVD
CVSS 3.1
7.2
EPSS
13.9%
CVE-2023-44480 HIGH POC This Week

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Leave Management System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-35794 HIGH POC This Week

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Access Controller
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-5829 HIGH POC This Week

A vulnerability was found in code-projects Admission Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Admission Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5826 HIGH POC This Week

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5812 HIGH POC This Week

A vulnerability has been found in flusity CMS and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Flusity
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-46375 HIGH POC This Week

ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Biz
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-4967 HIGH POC This Week

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Citrix Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-46393 HIGH POC This Week

gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gougucms
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-46376 HIGH POC This Week

Zentao Biz version 8.7 and before is vulnerable to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Biz
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-40129 HIGH PATCH This Week

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5820 HIGH PATCH This Week

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Thumbnail Slider With Lightbox
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46816 HIGH This Week

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-46815 HIGH This Week

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5814 HIGH This Week

A vulnerability was found in SourceCodester Task Reminder System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Task Reminder System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-5813 HIGH This Week

A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Task Reminder System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-46290 HIGH This Week

Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass Factorytalk Services Platform
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2023-46587 HIGH This Week

Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Xnview
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5834 HIGH PATCH This Week

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Hashicorp Vagrant
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-40140 HIGH PATCH This Week

In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Use After Free Privilege Escalation RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-40130 HIGH PATCH This Week

In notifyTimeout of CallRedirectionProcessor, there is a possible permission bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40128 HIGH PATCH This Week

In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40125 HIGH PATCH This Week

In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40120 HIGH PATCH This Week

In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40117 HIGH PATCH This Week

In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40116 HIGH PATCH This Week

In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-27858 HIGH This Week

Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27854 HIGH This Week

An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-44219 HIGH This Week

A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sonicwall Directory Services Connector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34057 HIGH This Week

VMware Tools contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Tools
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5443 HIGH This Week

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Invoice
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-5570 HIGH This Week

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.1.27.12. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Home Manager Gateway
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-46852 HIGH PATCH This Week

In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Memcached
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46289 HIGH This Week

Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk View
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34058 HIGH PATCH This Week

VMware Tools contains a SAML token signature bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

VMware Jwt Attack Authentication Bypass Open Vm Tools Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-44220 HIGH This Week

SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sonicwall Netextender
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-40131 HIGH PATCH This Week

In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-34059 HIGH PATCH This Week

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. Rated high severity (CVSS 7.0).

Information Disclosure VMware Open Vm Tools Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-46813 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Rated high severity (CVSS 7.0).

Privilege Escalation Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy