Skip to main content
CVE-2023-49210 CRITICAL POC PATCH Act Now

The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js OpenSSL Command Injection Node Openssl
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-49213 HIGH POC This Week

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Powershell Universal
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-3377 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3631 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49214 CRITICAL Act Now

Usedesk before 1.7.57 allows chat template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Usedesk
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49208 CRITICAL PATCH Act Now

scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Glewlwyd Sso Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-4677 CRITICAL Act Now

Cron log backup files contain administrator session IDs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pandora Fms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-41790 CRITICAL Act Now

Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pandora Fms
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-28812 CRITICAL Act Now

There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Localservicecomponents
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29076 CRITICAL Act Now

A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Autocad Autocad Advance Steel Autocad Architecture +7
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29075 CRITICAL Act Now

A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Autocad +9
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29074 CRITICAL Act Now

A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Autocad +9
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29073 CRITICAL Act Now

A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Heap Overflow Autocad +9
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33202 MEDIUM POC PATCH This Month

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java OpenSSL Denial Of Service Bouncy Castle For Java Fips Java Api
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2023-41812 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-41807 HIGH This Week

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-41788 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5972 HIGH PATCH This Week

A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-44290 HIGH This Week

Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Authentication Bypass Command Monitor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44289 HIGH This Week

Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Authentication Bypass Command Configure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43086 HIGH This Week

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Authentication Bypass Command Configure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39253 HIGH This Week

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Os Recovery Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41140 HIGH This Week

A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Heap Overflow Autocad +9
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-41139 HIGH This Week

A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Autocad Autocad Advance Steel Autocad Architecture Autocad Civil 3D +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-6118 HIGH This Week

Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal.1.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Neu Ipb210 28 Firmware Ntl Pt 06Wod 3Mp Firmware Neu Ipb410 28 Firmware Ntl Bc 01W Firmware +13
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-41808 HIGH This Week

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Pandora Fms
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41806 HIGH This Week

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Pandora Fms
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41787 HIGH This Week

Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pandora Fms
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28813 HIGH This Week

An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Localservicecomponents
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-47668 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin - Restrict Content plugin <= 3.2.7 versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Restrict Content
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-30581 HIGH This Week

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Authentication Bypass Node Js
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-41786 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pandora Fms
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4595 MEDIUM This Month

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Slmail
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4593 MEDIUM This Month

Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Slmail
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-28811 MEDIUM PATCH This Month

There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Hikvision Nvr 216Mh C D Firmware Nvr 216Mh C 16P D Firmware Nvr 208Mh C 8P D Firmware +37
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-40002 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Booster For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23978 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SwitchWP WP Client Reports plugin <= 1.0.16 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wp Client Reports
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4406 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KC Group E-Commerce Software allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kc Group E Commerce Software
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-49215 MEDIUM This Month

Usedesk before 1.7.57 allows filter reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Usedesk
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41811 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41810 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41792 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-41789 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47790 MEDIUM This Month

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Pz Linkcard
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-47529 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Templates Patterns Collection
NVD
CVSS 3.1
5.3
EPSS
3.4%
CVE-2023-43123 MEDIUM PATCH This Month

On unix-like systems, the temporary directory is shared between all user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Oracle Apple Atlassian Java Apache +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-49216 MEDIUM This Month

Usedesk before 1.7.57 allows profile stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usedesk
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41791 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4594 MEDIUM This Month

Stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Slmail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47839 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ecommerce Product Catalog
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy