Skip to main content
CVE-2023-47397 CRITICAL POC Act Now

WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Webid
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-45857 MEDIUM POC PATCH MAL This Month

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Axios
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4249 CRITICAL Act Now

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Command Injection Cf7500 Firmware Cf7300 Firmware +9
NVD
CVSS 3.1
9.8
EPSS
10.4%
CVE-2023-45225 CRITICAL Act Now

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Cf7500 Firmware Cf7300 Firmware +9
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-43755 CRITICAL Act Now

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Cf7500 Firmware Cf7300 Firmware +9
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-3959 CRITICAL Act Now

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Cf7500 Firmware Cf7300 Firmware +9
NVD
CVSS 3.1
9.8
EPSS
40.4%
CVE-2023-39435 CRITICAL Act Now

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Cf7500 Firmware Cf7300 Firmware +9
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29974 CRITICAL Act Now

An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Pfsense
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-5913 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortify Scancentral Dast
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-45849 CRITICAL Act Now

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Code Injection Helix Core
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-6012 CRITICAL Act Now

An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Onsafe Monitorhm
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-5941 CRITICAL Act Now

In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Freebsd
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-46363 MEDIUM POC This Month

jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jbig2Enc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46362 MEDIUM POC This Month

jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Jbig2Enc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46483 MEDIUM POC This Month

Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Auto Web Based Database Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5801 CRITICAL Act Now

Vulnerability of identity verification being bypassed in the face unlock module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-5996 HIGH This Week

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-47107 HIGH This Week

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pilos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-39913 HIGH PATCH This Week

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Java Apache Checkpoint +1
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-41270 MEDIUM POC This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Denial Of Service Ue40D7000 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-47109 HIGH PATCH This Week

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

PHP Authentication Bypass Customer Reassurance Block
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-4706 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft Preload Directory
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-4632 HIGH PATCH This Week

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Lenovo Information Disclosure System Update
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5079 HIGH This Week

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Lecloud
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36667 HIGH This Week

Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-45875 HIGH This Week

An issue was discovered in Couchbase Server 7.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5759 HIGH This Week

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Helix Core
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-45319 HIGH This Week

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Helix Core
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-35767 HIGH This Week

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Helix Core
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-46759 HIGH This Week

Permission control vulnerability in the call module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-46758 HIGH This Week

Permission management vulnerability in the multi-screen interaction module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46757 HIGH This Week

The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-46774 HIGH This Week

Vulnerability of uncaught exceptions in the NFC module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46772 HIGH This Week

Vulnerability of parameters being out of the value range in the QMI service module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46767 HIGH This Week

Out-of-bounds write vulnerability in the kernel driver module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46766 HIGH This Week

Out-of-bounds write vulnerability in the kernel driver module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46765 HIGH This Week

Vulnerability of uncaught exceptions in the NFC module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46762 HIGH This Week

Out-of-bounds write vulnerability in the kernel driver module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46761 HIGH This Week

Out-of-bounds write vulnerability in the kernel driver module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46760 HIGH This Week

Out-of-bounds write vulnerability in the kernel driver module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-5978 HIGH This Week

In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Freebsd
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46771 HIGH This Week

Security vulnerability in the face unlock module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44098 HIGH This Week

Vulnerability of missing encryption in the card management module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-41112 HIGH This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Exynos 9810 Firmware Exynos 9610 Firmware Exynos 9820 Firmware +13
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41111 HIGH This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 9810 Firmware Exynos 9610 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-44115 HIGH This Week

Vulnerability of improper permission control in the Booster module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-46770 HIGH This Week

Out-of-bounds vulnerability in the sensor module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46769 HIGH This Week

Use-After-Free (UAF) vulnerability in the dubai module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46768 HIGH This Week

Multi-thread vulnerability in the idmap module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-6001 HIGH This Week

Prometheus metrics are available without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yugabytedb
NVD
CVSS 3.1
7.5
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy