Skip to main content
CVE-2023-49103 HIGH POC KEV THREAT This Week

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Docker Graph Api
NVD GitHub
CVSS 3.1
7.5
EPSS
78.4%
CVE-2023-45886 HIGH POC This Week

The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Big Ip Next Big Ip Next Service Proxy For Kubernetes Big Ip Next Cloud Native Network Functions Big Ip Local Traffic Manager +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-48239 HIGH POC PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-20272 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-22521 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Crowd
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-22516 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Atlassian Bamboo
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-6213 HIGH This Week

Memory safety bugs present in Firefox 119. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6212 HIGH This Week

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6208 HIGH This Week

When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6207 HIGH This Week

Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4424 HIGH This Week

An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-20274 HIGH This Week

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco PHP Appdynamics
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-6235 HIGH This Week

An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Duet Display
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21418 HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2018 Axis Os 2020 Axis Os 2022
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-21417 HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2020 Axis Os 2022
NVD
CVSS 3.1
7.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy