Skip to main content
CVE-2023-47360 HIGH POC CISA Act Now

Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Vlc Media Player
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
Threat
5.0
CVE-2023-5709 HIGH POC This Week

The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wd Widgettwitter
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46730 HIGH POC PATCH This Week

Group-Office is an enterprise CRM and groupware tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF PHP Microsoft Group Office
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-33480 HIGH POC This Week

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Remote Clinic
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-43885 HIGH POC This Week

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tenda Rx9 Pro Firmware
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-41036 HIGH POC PATCH This Week

Macvim is a text editor for MacOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Apple Macvim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5998 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46253 HIGH POC This Week

Squidex is an open source headless CMS and content management hub. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Squidex
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-46845 HIGH POC This Week

EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ec Cube
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-43886 HIGH POC This Week

A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Rx9 Pro Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-25983 HIGH This Week

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.5.84. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kb Support
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45380 HIGH This Week

In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Order Duplicator
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-46243 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-46244 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-46242 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-42659 HIGH This Week

In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ws Ftp Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28572 HIGH PATCH This Week

Memory corruption in WLAN HOST while processing the WLAN scan descriptor list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Csrb31024 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +50
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-42361 HIGH This Week

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Atlassian Better Pdf Exporter
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-5179 HIGH This Week

An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-4295 HIGH This Week

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Mali Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3889 HIGH This Week

A local non-privileged user can make improper GPU memory processing operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Valhall Gpu Kernel Driver
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42538 HIGH This Week

An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42537 HIGH This Week

An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42536 HIGH This Week

An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42535 HIGH This Week

Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42529 HIGH This Week

Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42528 HIGH This Week

Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30739 HIGH This Week

Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33074 HIGH PATCH This Week

Memory corruption in Audio when SSR event is triggered after music playback is stopped. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wcn6750 Firmware Wcn685X 5 Firmware +57
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33059 HIGH PATCH This Week

Memory corruption in Audio while processing the VOC packet data from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware +255
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33055 HIGH PATCH This Week

Memory Corruption in Audio while invoking callback function in driver from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +147
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33031 HIGH PATCH This Week

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +160
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28574 HIGH This Week

Memory corruption in core services when Diag handler receives a command to configure event listeners. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Wcn6750 Firmware Wcn685X 5 Firmware Wcn685X 1 Firmware +73
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28570 HIGH This Week

Memory corruption while processing audio effects. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +79
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28556 HIGH This Week

Cryptographic issue in HLOS during key management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +216
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28545 HIGH This Week

Memory corruption in TZ Secure OS while loading an app ELF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +194
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24852 HIGH This Week

Memory Corruption in Core due to secure memory access by user while loading modem image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware +262
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21671 HIGH This Week

Memory Corruption in Core during syscall for Sectools Fuse comparison feature. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Qca6391 Firmware Qcm6490 Firmware +18
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-41616 HIGH This Week

A vulnerability in Kaushik Export Users Data CSV export-users-data-csv.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2023-43984 HIGH This Week

Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Advanced Export Products Orders Cron Csv Excel
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0436 HIGH PATCH This Week

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled.5.0, 1.6.0,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Atlas Kubernetes Operator
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-42545 HIGH This Week

Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Phone
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-42543 HIGH This Week

Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bixby Voice
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42532 HIGH This Week

Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-42530 HIGH This Week

Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33061 HIGH This Week

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Wcn685X 5 Firmware Wcn685X 1 Firmware +110
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33056 HIGH This Week

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ar8035 Firmware Csr8811 Firmware Wcn685X 5 Firmware +112
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33048 HIGH This Week

Transient DOS in WLAN Firmware while parsing t2lm buffers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Wcn685X 5 Firmware Wcn685X 1 Firmware +110
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33047 HIGH This Week

Transient DOS in WLAN Firmware while parsing no-inherit IES. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Wcn6750 Firmware +173
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-0898 HIGH This Week

General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Micom S1 Agile
NVD
CVSS 3.1
7.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy