Skip to main content
CVE-2023-6019 CRITICAL POC PATCH THREAT Act Now

A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ray
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
74.6%
CVE-2023-46214 HIGH POC THREAT Act Now

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Splunk RCE Cloud
NVD GitHub
CVSS 3.1
8.8
EPSS
89.1%
CVE-2023-6014 CRITICAL POC PATCH Act Now

An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mlflow
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-6018 CRITICAL POC PATCH THREAT Act Now

An attacker can overwrite any file on the server hosting MLflow without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mlflow
NVD
CVSS 3.1
9.8
EPSS
47.9%
CVE-2023-6016 CRITICAL POC THREAT Act Now

An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection H2O
NVD
CVSS 3.1
9.8
EPSS
30.6%
CVE-2023-47003 CRITICAL POC Act Now

An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Null Pointer Dereference Redisgraph
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-6022 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Prefect
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-43275 HIGH POC This Week

Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6020 HIGH POC PATCH THREAT This Week

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ray
NVD
CVSS 3.1
7.5
EPSS
14.7%
CVE-2023-48134 HIGH POC This Week

nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-6038 HIGH POC This Week

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H2O
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2023-6021 HIGH POC PATCH THREAT This Week

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ray
NVD
CVSS 3.1
7.5
EPSS
37.1%
CVE-2023-6023 HIGH POC This Week

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Modeldb
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2023-6015 HIGH POC PATCH This Week

MLflow allowed arbitrary files to be PUT onto the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mlflow
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2023-6017 HIGH POC This Week

H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2O
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-48204 MEDIUM POC This Month

An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Publiccms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-47674 CRITICAL Act Now

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cfr 1004Ea Firmware Cfr 1008Ea Firmware Cfr 1016Ea Firmware Cfr 16Eaa Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-47213 CRITICAL Act Now

First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cfr 1004Ea Firmware Cfr 1008Ea Firmware Cfr 1016Ea Firmware Cfr 16Eaa Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-47025 MEDIUM POC This Month

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-6013 MEDIUM POC This Month

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS H2O
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-47687 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Woo Custom And Sequential Order Number
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47686 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Arigato Autoresponder And Newsletter
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47688 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube SpeedLoad plugin <= 0.6.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtube Speedload
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-43752 HIGH This Week

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc X3000Gs2 W Firmware Wrc X3000Gs2 B Firmware Wrc X3000Gs2A B Firmware
NVD
CVSS 3.1
8.0
EPSS
1.0%
CVE-2023-47059 HIGH This Week

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47058 HIGH This Week

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47057 HIGH This Week

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47056 HIGH This Week

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Heap Overflow Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47055 HIGH This Week

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47047 HIGH This Week

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Audition
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26368 HIGH This Week

Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Incopy
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47043 HIGH This Week

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47042 HIGH This Week

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Heap Overflow Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47041 HIGH This Week

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47040 HIGH This Week

Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-44330 HIGH This Week

Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-6119 HIGH This Week

An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Getsusp
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44372 HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2023-44371 HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
4.9%
CVE-2023-44367 HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-44366 HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2023-44365 HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2023-44359 HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-44338 HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2023-44337 HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2023-44336 HIGH This Week

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2023-44292 HIGH This Week

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Repository Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44282 HIGH This Week

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Repository Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39259 HIGH This Week

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Os Recovery Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-47470 HIGH PATCH This Week

Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy