Skip to main content
CVE-2023-42327 MEDIUM POC THREAT This Month

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pfsense
NVD
CVSS 3.1
5.4
EPSS
55.4%
CVE-2023-42325 MEDIUM POC THREAT This Month

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pfsense
NVD
CVSS 3.1
5.4
EPSS
57.9%
CVE-2023-41570 MEDIUM POC This Month

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mikrotik Authentication Bypass Routeros
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-25603 CRITICAL Act Now

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Fortinet Information Disclosure Fortiadc Fortiddos F
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-46025 MEDIUM POC This Month

SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-48217 HIGH PATCH This Week

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Statamic
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-46026 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email'. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Teacher Subject Allocation Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5528 HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kubernetes Microsoft Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-47640 HIGH This Week

DataHub is an open-source metadata platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Datahub
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-47631 HIGH PATCH This Week

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Vantage6
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-36437 HIGH PATCH This Week

Azure DevOps Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Azure Pipelines Agent
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-39412 HIGH This Week

Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel CSRF Unison Software
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-39221 HIGH This Week

Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Unison Software
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-36860 HIGH This Week

Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intel Unison Software
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-32641 HIGH This Week

Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Intel Quickassist Technology
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22663 HIGH This Week

Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Unison Software
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-38151 HIGH PATCH This Week

Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft Host Integration Server Ole Db Provider
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-36560 HIGH PATCH This Week

ASP.NET Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Net Framework
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2023-36423 HIGH PATCH This Week

Microsoft Remote Registry Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-36402 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-36400 HIGH PATCH This Week

Windows HMAC Key Derivation Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2023-36025 HIGH POC KEV PATCH THREAT This Week

Windows SmartScreen Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
8.8
EPSS
88.2%
CVE-2023-36017 HIGH PATCH This Week

Windows Scripting Engine Memory Corruption Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
8.8
EPSS
25.3%
CVE-2023-26205 HIGH This Week

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortiadc
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-46098 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cors Misconfiguration Information Disclosure Simatic Pcs Neo
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-47609 HIGH This Week

SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SQLi Oss Calendar
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-42326 HIGH This Week

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Command Injection Pfsense Pfsense Plus
NVD
CVSS 3.1
8.8
EPSS
64.0%
CVE-2023-31754 MEDIUM POC This Month

Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Optimizely Cms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47628 MEDIUM POC This Month

DataHub is an open-source metadata platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Datahub
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-36052 HIGH PATCH This Week

Azure CLI REST Command Information Disclosure Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Azure Command Line Interface
NVD
CVSS 3.1
8.6
EPSS
21.5%
CVE-2023-44317 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Scalance Xb208 E Ip Firmware Scalance Xb208 Pn Firmware Scalance Xb216 E Ip Firmware +66
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2023-6124 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Suitecrm
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-45619 HIGH This Week

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-45618 HIGH This Week

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-45617 HIGH This Week

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-20571 HIGH This Week

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Privilege Escalation Ryzen 3 5100 Firmware Ryzen 3 5300G Firmware Ryzen 3 5300Ge Firmware +68
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-45794 HIGH This Week

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mendix
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-25756 HIGH This Week

Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Core I5 9400F Firmware Celeron J4005 Firmware Celeron N4100 Firmware Celeron N4000 Firmware Celeron J4105 Firmware +627
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-36439 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
4.9%
CVE-2023-36425 HIGH PATCH This Week

Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +13
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2023-36050 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
39.2%
CVE-2023-36039 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
73.0%
CVE-2023-36035 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
86.6%
CVE-2023-36021 HIGH PATCH This Week

Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft On Prem Data Gateway
NVD
CVSS 3.1
8.0
EPSS
1.7%
CVE-2023-46097 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Simatic Pcs Neo
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-47629 HIGH This Week

DataHub is an open-source metadata platform. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Datahub
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2023-31403 HIGH This Week

SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SAP Authentication Bypass Business One
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-39537 HIGH This Week

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aptio V
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39536 HIGH This Week

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aptio V
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39535 HIGH This Week

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aptio V
NVD
CVSS 3.1
7.8
EPSS
0.2%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy