Skip to main content
CVE-2023-36424 HIGH POC KEV PATCH THREAT Act Now

Local privilege escalation in the Windows Common Log File System (CLFS) driver allows authenticated low-privileged attackers to elevate to SYSTEM on Windows 10 (1507 through 22H2) and Windows 11 21H2. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and EPSS places it in the 93rd percentile for exploitation likelihood. Microsoft has released patches via standard monthly updates.

Buffer Overflow Microsoft Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
10.3%
Threat
4.9
CVE-2023-6131 HIGH POC PATCH This Week

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6130 HIGH POC PATCH This Week

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6125 HIGH POC PATCH This Week

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-48021 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-48020 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-46582 HIGH POC This Week

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id paramter in the deleteProduct.php component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Inventory Management
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-46022 HIGH POC This Week

SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-36041 HIGH POC PATCH THREAT This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free RCE Memory Corruption Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
56.7%
CVE-2023-46024 HIGH POC This Week

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-47627 HIGH POC PATCH This Week

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Information Disclosure Aiohttp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-45560 HIGH POC This Week

An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Memberscard
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45558 HIGH POC This Week

An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Golden
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45880 HIGH POC This Week

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Gibbon
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-48217 HIGH PATCH This Week

Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Statamic
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-5528 HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kubernetes Microsoft Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-47640 HIGH This Week

DataHub is an open-source metadata platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Datahub
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-47631 HIGH PATCH This Week

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Vantage6
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-36437 HIGH PATCH This Week

Azure DevOps Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Azure Pipelines Agent
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-39412 HIGH This Week

Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel CSRF Unison Software
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-39221 HIGH This Week

Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Unison Software
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-36860 HIGH This Week

Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intel Unison Software
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-32641 HIGH This Week

Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Intel Quickassist Technology
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22663 HIGH This Week

Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Unison Software
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-38151 HIGH PATCH This Week

Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft Host Integration Server Ole Db Provider
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-36560 HIGH PATCH This Week

ASP.NET Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Net Framework
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2023-36423 HIGH PATCH This Week

Microsoft Remote Registry Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-36402 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-36400 HIGH PATCH This Week

Windows HMAC Key Derivation Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2023-36025 HIGH POC KEV PATCH THREAT This Week

Windows SmartScreen Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
8.8
EPSS
88.2%
CVE-2023-36017 HIGH PATCH This Week

Windows Scripting Engine Memory Corruption Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
8.8
EPSS
25.3%
CVE-2023-26205 HIGH This Week

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortiadc
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-46098 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cors Misconfiguration Information Disclosure Simatic Pcs Neo
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-47609 HIGH This Week

SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SQLi Oss Calendar
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-42326 HIGH This Week

An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Command Injection Pfsense Pfsense Plus
NVD
CVSS 3.1
8.8
EPSS
64.0%
CVE-2023-36052 HIGH PATCH This Week

Azure CLI REST Command Information Disclosure Vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Azure Command Line Interface
NVD
CVSS 3.1
8.6
EPSS
21.5%
CVE-2023-44317 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Scalance Xb208 E Ip Firmware Scalance Xb208 Pn Firmware Scalance Xb216 E Ip Firmware +66
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2023-45619 HIGH This Week

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-45618 HIGH This Week

There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-45617 HIGH This Week

There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-20571 HIGH This Week

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Privilege Escalation Ryzen 3 5100 Firmware Ryzen 3 5300G Firmware Ryzen 3 5300Ge Firmware +68
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-45794 HIGH This Week

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mendix
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-25756 HIGH This Week

Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Core I5 9400F Firmware Celeron J4005 Firmware Celeron N4100 Firmware Celeron N4000 Firmware Celeron J4105 Firmware +627
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-36439 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
4.9%
CVE-2023-36425 HIGH PATCH This Week

Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +13
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2023-36050 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
39.2%
CVE-2023-36039 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
73.0%
CVE-2023-36035 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
86.6%
CVE-2023-36021 HIGH PATCH This Week

Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft On Prem Data Gateway
NVD
CVSS 3.1
8.0
EPSS
1.7%
CVE-2023-46097 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Simatic Pcs Neo
NVD
CVSS 3.1
8.0
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy