Skip to main content
CVE-2023-48025 HIGH POC This Week

Liblisp through commit 4c65969 was discovered to contain a out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Liblisp
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-48029 HIGH POC This Week

Corebos 8.0 and below is vulnerable to CSV Injection. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Corebos
NVD GitHub
CVSS 3.1
8.0
EPSS
1.3%
CVE-2023-48238 HIGH POC PATCH This Week

joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Json Web Token
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-46745 HIGH POC PATCH This Week

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Librenms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26347 HIGH POC THREAT This Week

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Coldfusion
NVD
CVSS 3.1
7.5
EPSS
10.1%
CVE-2023-39548 HIGH PATCH This Week

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39547 HIGH PATCH This Week

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-39546 HIGH This Week

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-39545 HIGH PATCH This Week

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Information Disclosure Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39544 HIGH PATCH This Week

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-38130 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Cubecart
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-5444 HIGH This Week

A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Epolicy Orchestrator
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-6179 HIGH This Week

Honeywell ProWatch, 4.5, including all Service Pack versions, contain a Vulnerability in Application Server's executable folder(s). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Honeywell Prowatch
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-47073 HIGH PATCH This Week

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47070 HIGH PATCH This Week

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47069 HIGH PATCH This Week

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47068 HIGH PATCH This Week

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47067 HIGH PATCH This Week

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47066 HIGH PATCH This Week

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-48185 HIGH This Week

Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Terra Master
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-22275 HIGH This Week

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure SQLi Robohelp Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-22274 HIGH This Week

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XXE Information Disclosure Robohelp Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-22272 HIGH This Week

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Robohelp Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-41102 HIGH PATCH This Week

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Opennds
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-38322 HIGH PATCH This Week

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Captive Portal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-38320 HIGH PATCH This Week

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Captive Portal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-38315 HIGH PATCH This Week

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Captive Portal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-38313 HIGH PATCH This Week

An issue was discovered in OpenNDS Captive Portal before 10.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Captive Portal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-45382 HIGH This Week

In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sonice Retour
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-22273 HIGH This Week

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Adobe Robohelp Server
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2023-47675 HIGH PATCH This Week

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Cubecart
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy