Skip to main content
CVE-2023-36424 HIGH POC KEV PATCH THREAT Act Now

Local privilege escalation in the Windows Common Log File System (CLFS) driver allows authenticated low-privileged attackers to elevate to SYSTEM on Windows 10 (1507 through 22H2) and Windows 11 21H2. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and EPSS places it in the 93rd percentile for exploitation likelihood. Microsoft has released patches via standard monthly updates.

Buffer Overflow Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
10.3%
Threat
4.9
CVE-2023-6126 CRITICAL POC PATCH Act Now

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Suitecrm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-31247 CRITICAL POC Act Now

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gecko Software Development Kit Cesium Net Uc Http
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-28391 CRITICAL POC Act Now

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gecko Software Development Kit Cesium Net Uc Http
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-28379 CRITICAL POC Act Now

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gecko Software Development Kit Cesium Net Uc Http
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-27882 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Gecko Software Development Kit Cesium Net +1
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-25181 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Gecko Software Development Kit Cesium Net +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-24585 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gecko Software Development Kit Cesium Net Uc Http
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45878 CRITICAL POC THREAT Act Now

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE PHP Gibbon
NVD
CVSS 3.1
9.8
EPSS
63.1%
CVE-2023-43902 CRITICAL POC Act Now

Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Emsigner
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-6131 HIGH POC PATCH This Week

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6130 HIGH POC PATCH This Week

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6125 HIGH POC PATCH This Week

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-48021 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-48020 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-46582 HIGH POC This Week

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id paramter in the deleteProduct.php component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Inventory Management
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-46022 HIGH POC This Week

SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-36041 HIGH POC PATCH THREAT This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free RCE Memory Corruption Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
56.7%
CVE-2023-44373 CRITICAL CISA Emergency

Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware 6Gk5205 3Bd00 2Ab2 Firmware +67
NVD VulDB
CVSS 4.0
9.4
EPSS
0.5%
CVE-2023-46024 HIGH POC This Week

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-47627 HIGH POC PATCH This Week

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Information Disclosure Aiohttp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-45560 HIGH POC This Week

An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Memberscard
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45558 HIGH POC This Week

An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Golden
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45880 HIGH POC This Week

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Gibbon
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-5189 MEDIUM POC This Month

A path traversal vulnerability exists in Ansible when extracting tarballs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Automation Platform Satellite
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-47641 MEDIUM POC PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Open Redirect Aiohttp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-46132 MEDIUM POC PATCH This Month

Hyperledger Fabric is an open source permissioned distributed ledger framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Fabric
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-43900 MEDIUM POC This Month

Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Emsigner
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-45881 MEDIUM POC This Month

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload XSS Gibbon
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47684 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Essential Grid
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-43901 MEDIUM POC This Month

Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Emsigner
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-45616 CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-45615 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-45614 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-47130 CRITICAL PATCH Act Now

Yii is an open source PHP web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE PHP Deserialization Yii
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-36049 CRITICAL PATCH Act Now

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Net Framework Net Visual Studio 2022
NVD
CVSS 3.1
9.8
EPSS
12.5%
CVE-2023-34060 CRITICAL Act Now

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Cloud Director
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-31273 CRITICAL PATCH Act Now

Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Intel Data Center Manager
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20596 CRITICAL Act Now

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware Ryzen 5 5600G Firmware Ryzen 5 5600Ge Firmware +60
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-36553 CRITICAL Act Now

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortisiem
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-36397 CRITICAL PATCH Act Now

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
9.8
EPSS
17.5%
CVE-2023-36028 CRITICAL PATCH Act Now

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +10
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-36018 CRITICAL PATCH Act Now

Visual Studio Code Jupyter Extension Spoofing Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jupyter
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-34991 CRITICAL Act Now

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet SQLi Fortiwlm
NVD
CVSS 3.1
9.8
EPSS
28.8%
CVE-2023-43504 CRITICAL Act Now

A vulnerability has been identified in COMOS (All versions < V10.4.4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Comos
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46581 MEDIUM POC This Month

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Inventory Management
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46580 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Inventory Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6128 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-6127 MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Suitecrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45879 MEDIUM POC This Month

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gibbon
NVD
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy