Skip to main content
CVE-2023-43791 HIGH POC PATCH This Week

Label Studio is a multi-type data labeling and annotation tool with standardized output format. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Label Studio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-46894 HIGH POC This Week

An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Esptool
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26156 HIGH POC PATCH This Week

Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Command Injection Authentication Bypass Chromedriver
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-5540 HIGH PATCH This Week

A remote code execution risk was identified in the IMSCP activity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-5539 HIGH PATCH This Week

A remote code execution risk was identified in the Lesson activity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-40055 HIGH This Week

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Network Configuration Manager
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-40054 HIGH This Week

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Network Configuration Manager
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2023-47489 HIGH This Week

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE PHP Itop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-39198 HIGH PATCH This Week

A race condition was found in the QXL driver in the Linux kernel. Rated high severity (CVSS 7.5). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Denial Of Service Privilege Escalation +3
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-5954 HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4379 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-45283 HIGH PATCH This Week

The filepath package does not recognize paths with a \??\ prefix as special. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Go
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2023-29975 HIGH This Week

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pfsense
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-47613 HIGH This Week

A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Bgs5 Firmware Ehs5 Firmware Ehs6 Firmware Ehs8 Firmware +6
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy