Skip to main content
CVE-2023-41725 HIGH This Week

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Ivanti Avalanche
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-31102 HIGH This Week

Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure 7 Zip Active Iq Unified Manager Oncommand Workflow Automation
NVD
CVSS 3.1
7.8
EPSS
71.0%
CVE-2023-46176 HIGH PATCH This Week

IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure IBM Mq Appliance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32508 HIGH This Week

A vulnerability in cageehv Order Your Posts Manually order-your-posts-manually.2.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-32121 HIGH This Week

A vulnerability in Ben Marshall Zero Spam zero-spam.4.4. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-34179 HIGH This Week

A vulnerability in Adrian Tobey Groundhogg groundhogg.7.11. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-47235 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-47234 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39299 HIGH This Week

A path traversal vulnerability has been reported to affect Music Station. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Music Station
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5824 HIGH This Week

A flaw was found in Squid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2023-46848 HIGH This Week

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid Enterprise Linux Enterprise Linux Eus Enterprise Linux Server Aus +1
NVD GitHub
CVSS 3.1
7.5
EPSS
10.2%
CVE-2023-46847 HIGH This Week

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Squid Enterprise Linux Enterprise Linux Eus +7
NVD GitHub
CVSS 3.1
7.5
EPSS
85.9%
CVE-2023-41344 HIGH This Week

NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zoho Mobile Device Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-45024 HIGH PATCH This Week

Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Request Tracker
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-44271 HIGH PATCH This Week

An issue was discovered in Pillow before 10.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Pillow Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-43665 HIGH PATCH This Week

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django Fedora
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-41260 HIGH This Week

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Tracker
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41259 HIGH This Week

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Tracker
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41164 HIGH PATCH This Week

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Django Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-43018 HIGH PATCH This Week

IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-36034 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free RCE Microsoft Memory Corruption +1
NVD
CVSS 3.1
7.3
EPSS
2.7%
CVE-2023-41352 HIGH This Week

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia Command Injection G 040W Q Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-25990 HIGH This Week

A vulnerability in Themeum Tutor LMS tutor.1.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-26015 HIGH This Week

A vulnerability in chrisvrichardson MapPress Maps for WordPress mappress-google-maps-for-wordpress.85.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google SQLi
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-5088 HIGH PATCH This Week

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). Rated high severity (CVSS 7.0).

RCE Qemu Enterprise Linux
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-1476 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-41914 HIGH This Week

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Slurm Fedora
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-47588 MEDIUM This Month

A vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery.8.1. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-36022 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.6
EPSS
1.2%
CVE-2023-45189 MEDIUM PATCH This Month

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Hashicorp IBM Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4091 MEDIUM This Month

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samba Fedora Storage Enterprise Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-42670 MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-41356 MEDIUM This Month

NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho Tronclass Ilearn
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5946 MEDIUM PATCH This Month

The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Digirisk
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4592 MEDIUM This Month

A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Wpn Xm
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4768 MEDIUM This Month

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zoho Manageengine Desktop Central
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2023-4767 MEDIUM This Month

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zoho Manageengine Desktop Central
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2022-47426 MEDIUM This Month

A vulnerability in neshanmaps Neshan Maps neshan-maps.1.4. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-41343 MEDIUM This Month

Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Cloud Database
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-35896 MEDIUM PATCH This Month

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-42029 MEDIUM PATCH This Month

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Txseries For Multiplatforms Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46846 MEDIUM This Month

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Squid Enterprise Linux Enterprise Linux Eus +5
NVD GitHub
CVSS 3.1
5.3
EPSS
5.3%
CVE-2023-41354 MEDIUM This Month

Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nokia G 040W Q Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-47233 MEDIUM PATCH This Month

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Broadcom Linux Information Disclosure Use After Free Memory Corruption +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-39301 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap SSRF Qts Quts Hero Qutscloud
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-36029 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
1.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy