Skip to main content
CVE-2023-48312 CRITICAL POC PATCH Act Now

capsule-proxy is a reverse proxy for the capsule operator project. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Kubernetes Authentication Bypass Capsule Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-6274 CRITICAL POC Act Now

A vulnerability was found in Byzoro Smart S80 up to 20231108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S80 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2023-49298 HIGH POC PATCH This Week

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass IBM Openzfs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-6276 HIGH POC This Week

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6293 HIGH POC PATCH This Week

Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Sequelize Typescript
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-6277 MEDIUM POC PATCH This Month

An out-of-memory flaw was found in libtiff. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libtiff Fedora
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-33706 MEDIUM POC This Month

SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sysaid
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6275 MEDIUM POC This Month

A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fluig
NVD VulDB
CVSS 3.1
6.1
EPSS
2.4%
CVE-2023-46575 CRITICAL PATCH Act Now

A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE SQLi Meshery
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-48712 HIGH PATCH This Week

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Warpgate
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-26279 HIGH PATCH This Week

IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass IBM Qradar Wincollect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-48711 LOW POC PATCH Monitor

google-translate-api-browser is an npm package which interfaces with the google translate web api. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js SSRF Google Google Translate Api Browser
NVD GitHub
CVSS 3.1
3.7
EPSS
0.5%
CVE-2023-48796 HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Dolphinscheduler
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-44303 HIGH This Week

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rvtools
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-48708 MEDIUM PATCH This Month

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Shield
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-48707 MEDIUM PATCH This Month

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Shield
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-6251 LOW Monitor

Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, <= 2.0.0p39 allow an authenticated attacker to delete user-messages for individual users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Checkmk
NVD
CVSS 3.1
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy