Skip to main content
CVE-2023-5583 HIGH POC This Week

The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Deserialization PHP Information Disclosure Wp Simple Galleries
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-46478 HIGH POC This Week

An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Minical
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-42323 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP CSRF Douhaocms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-5833 HIGH POC PATCH This Week

Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Anythingllm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-45672 HIGH POC This Week

Frigate is an open source network video recorder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Deserialization Frigate
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-46863 HIGH POC This Week

Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Peppermint
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5844 HIGH POC PATCH This Week

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Admin Classic Bundle
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-46865 HIGH POC PATCH THREAT This Week

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection PHP Crater
NVD GitHub
CVSS 3.1
7.2
EPSS
20.3%
CVE-2023-5315 HIGH PATCH This Week

The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Google WordPress Google Maps Made Simple
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5250 HIGH This Week

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-42803 HIGH This Week

BigBlueButton is an open-source virtual classroom. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Bigbluebutton
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41891 HIGH PATCH This Week

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Flyteadmin
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-21392 HIGH This Week

In Bluetooth, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-21361 HIGH This Week

In Bluetooth, there is a possibility of code-execution due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-21356 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-47101 HIGH This Week

The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openvpn Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21398 HIGH This Week

In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21397 HIGH This Week

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21396 HIGH This Week

In Activity Manager, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21393 HIGH This Week

In Settings, there is a possible way for the user to change SIM due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21390 HIGH This Week

In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21389 HIGH This Week

In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21388 HIGH This Week

In Settings, there is a possible restriction bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21381 HIGH This Week

In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Privilege Escalation RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21378 HIGH This Week

In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21375 HIGH This Week

In Sysproxy, there is a possible out of bounds write due to an integer underflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21374 HIGH This Week

In System UI, there is a possible factory reset protection bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21373 HIGH This Week

In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21372 HIGH This Week

In libdexfile, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21358 HIGH This Week

In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21355 HIGH This Week

In libaudioclient, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21351 HIGH This Week

In multiple locations, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21343 HIGH This Week

In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21342 HIGH This Week

In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21341 HIGH This Week

In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21337 HIGH This Week

In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21328 HIGH This Week

In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21324 HIGH This Week

In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21313 HIGH This Week

In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21298 HIGH This Week

In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-44141 HIGH This Week

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Inkdrop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-45956 HIGH This Week

An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Led Strip Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21391 HIGH This Week

In Messaging, there is a possible way to disable the messaging application due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-21353 HIGH This Week

In NFA, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-21347 HIGH This Week

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-21339 HIGH This Week

In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-45780 HIGH This Week

In Print Service, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy