Skip to main content
CVE-2023-46814 HIGH This Week

A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Vlc Media Player
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40152 HIGH This Week

When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file an out of bounds write may occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tellus Lite V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-35127 HIGH This Week

Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Tellus Lite V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5983 HIGH This Week

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.1.133.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pharmacy Automation
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-6252 HIGH This Week

Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Chameleon Power
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-3104 HIGH This Week

Lack of authentication vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-6117 HIGH This Week

A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-46673 HIGH PATCH This Week

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Denial Of Service Elasticsearch
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6007 HIGH This Week

The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Userpro
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-2841 HIGH This Week

The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Advanced Local Pickup For Woocommerce
NVD VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-48646 HIGH This Week

Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Recoverymanager Plus
NVD
CVSS 3.1
7.2
EPSS
82.2%
CVE-2023-5921 HIGH This Week

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.0.0.27396. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Geodi
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy