Skip to main content
CVE-2023-46944 HIGH POC PATCH Act Now

An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Gitlens
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2023-4226 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-4225 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4224 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4223 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4222 HIGH POC PATCH This Week

Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2023-4221 HIGH POC PATCH This Week

Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2023-29770 HIGH POC This Week

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-46589 HIGH POC PATCH This Week

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Apache Information Disclosure Request Smuggling
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2023-6201 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Panorama
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-40056 HIGH This Week

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Solarwinds Platform
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2023-6239 HIGH This Week

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass M Files Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-42004 HIGH This Week

IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Security Guardium
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-45539 HIGH This Week

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2023-49314 HIGH This Week

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Apple Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
4.3%
CVE-2023-6219 HIGH PATCH This Week

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Bookingpress
NVD VulDB
CVSS 3.1
7.2
EPSS
2.1%
CVE-2023-6151 HIGH This Week

Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.105. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Belediye
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-6150 HIGH This Week

Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.105. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Belediye
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-30590 HIGH This Week

The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node Js
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-48848 HIGH This Week

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ureport
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-49062 HIGH PATCH This Week

Katran could disclose non-initialized kernel memory as part of an IP header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Katran
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34054 HIGH PATCH This Week

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Reactor Netty
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34053 HIGH PATCH This Week

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Framework
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-4398 HIGH This Week

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Zyxel Zld
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-30585 HIGH This Week

A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Microsoft Node Js
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-49075 HIGH PATCH This Week

The Admin Classic Bundle provides a Backend UI for Pimcore. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Admin Classic Bundle
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy