Skip to main content
CVE-2023-47444 HIGH POC This Week

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Opencart
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-47637 HIGH POC PATCH This Week

Pimcore is an Open Source Data & Experience Management Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48089 HIGH POC This Week

xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Xxl Job
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-48199 HIGH POC This Week

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Grocy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-48014 HIGH POC PATCH This Week

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-48013 HIGH POC PATCH This Week

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48011 HIGH POC PATCH This Week

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47347 HIGH POC This Week

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-47345 HIGH POC This Week

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-6112 HIGH This Week

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
30.3%
CVE-2023-5997 HIGH This Week

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-40923 HIGH PATCH This Week

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Orders Csv Excel Export Pro
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-43582 HIGH This Week

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Meetings Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-22818 HIGH This Week

Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Sandisk Security Installer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33873 HIGH This Week

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Batch Management Communication Drivers Edge Enterprise Licensing +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-47586 HIGH This Week

Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE V Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47585 HIGH This Week

Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure V Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47584 HIGH This Week

Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE V Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47583 HIGH This Week

Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Tellus
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47582 HIGH This Week

Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47581 HIGH This Week

Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47580 HIGH This Week

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43591 HIGH This Week

Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43590 HIGH This Week

Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41718 HIGH This Week

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-38543 HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-38043 HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-35080 HIGH This Week

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ivanti Privilege Escalation Microsoft Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-5720 HIGH This Week

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Quarkus
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34062 HIGH PATCH This Week

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Reactor Netty
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-34982 HIGH This Week

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Batch Management Communication Drivers Edge Enterprise Licensing +9
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-31100 HIGH This Week

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.3.0.0 before 4.3.0.203 * from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Securecore Technology
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy