Skip to main content
CVE-2022-45805 HIGH POC THREAT Act Now

A vulnerability in integrationdevpaytm Paytm Payment Gateway paytm-payments.7.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.4%.

SQLi
NVD
CVSS 3.1
8.2
EPSS
39.4%
Threat
4.3
CVE-2023-46947 HIGH POC This Week

Subrion 4.2.1 has a remote command execution vulnerability in the backend. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Subrion
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-4043 HIGH POC PATCH This Week

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Parsson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34260 HIGH POC THREAT This Week

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service D Copia253Mf Plus Firmware
NVD
CVSS 3.1
7.5
EPSS
73.4%
CVE-2023-41652 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
4.8%
CVE-2023-3893 HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Microsoft Csi Proxy
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2023-4769 HIGH This Week

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Desktop Central
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2023-41357 HIGH This Week

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Vitals Enterprise Social Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-41353 HIGH This Week

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nokia Brute Force G 040W Q Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41348 HIGH This Week

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ax55 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-41347 HIGH This Week

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ax55 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-41346 HIGH This Week

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ax55 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-41345 HIGH This Week

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ax55 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-42027 HIGH PATCH This Week

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Txseries For Multiplatforms Cics Tx
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-46859 HIGH This Week

A vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar.9.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-34383 HIGH This Week

A vulnerability in weDevs WP Project Manager wedevs-project-manager.6.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-36677 HIGH This Week

A vulnerability in smartypants SP Project & Document Manager sp-client-document-manager.67. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-25700 HIGH This Week

A vulnerability in Themeum Tutor LMS tutor.1.10. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-46818 HIGH This Week

A vulnerability in gopiplus Email posts to subscribers email-posts-to-subscribers.2. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-47445 HIGH This Week

A vulnerability in Be POPIA Compliant Be POPIA Compliant be-popia-compliant.2.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-46808 HIGH This Week

A vulnerability in reputeinfosystems ARMember armember-membership.4.11. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-25800 HIGH This Week

A vulnerability in Themeum Tutor LMS tutor.2.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-1194 HIGH PATCH This Week

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-41726 HIGH This Week

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Avalanche
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-41725 HIGH This Week

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Ivanti Avalanche
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-31102 HIGH This Week

Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure 7 Zip Active Iq Unified Manager Oncommand Workflow Automation
NVD
CVSS 3.1
7.8
EPSS
71.0%
CVE-2023-46176 HIGH PATCH This Week

IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure IBM Mq Appliance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32508 HIGH This Week

A vulnerability in cageehv Order Your Posts Manually order-your-posts-manually.2.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-32121 HIGH This Week

A vulnerability in Ben Marshall Zero Spam zero-spam.4.4. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-34179 HIGH This Week

A vulnerability in Adrian Tobey Groundhogg groundhogg.7.11. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-47235 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-47234 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39299 HIGH This Week

A path traversal vulnerability has been reported to affect Music Station. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Music Station
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5824 HIGH This Week

A flaw was found in Squid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2023-46848 HIGH This Week

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid Enterprise Linux Enterprise Linux Eus Enterprise Linux Server Aus +1
NVD GitHub
CVSS 3.1
7.5
EPSS
10.2%
CVE-2023-46847 HIGH This Week

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Squid Enterprise Linux Enterprise Linux Eus +7
NVD GitHub
CVSS 3.1
7.5
EPSS
85.9%
CVE-2023-41344 HIGH This Week

NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zoho Mobile Device Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-45024 HIGH PATCH This Week

Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Request Tracker
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-44271 HIGH PATCH This Week

An issue was discovered in Pillow before 10.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Pillow Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-43665 HIGH PATCH This Week

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django Fedora
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-41260 HIGH This Week

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Tracker
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41259 HIGH This Week

Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Tracker
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41164 HIGH PATCH This Week

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Django Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-43018 HIGH PATCH This Week

IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-36034 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free RCE Microsoft Memory Corruption +1
NVD
CVSS 3.1
7.3
EPSS
2.7%
CVE-2023-41352 HIGH This Week

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia Command Injection G 040W Q Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-25990 HIGH This Week

A vulnerability in Themeum Tutor LMS tutor.1.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-26015 HIGH This Week

A vulnerability in chrisvrichardson MapPress Maps for WordPress mappress-google-maps-for-wordpress.85.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google SQLi
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-5088 HIGH PATCH This Week

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). Rated high severity (CVSS 7.0).

RCE Qemu Enterprise Linux
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-1476 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
7.0
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy