Skip to main content
CVE-2023-49070 CRITICAL POC PATCH THREAT Act Now

Pre-auth RCE in Apache Ofbiz 18.12.09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Apache Ofbiz
NVD
CVSS 3.1
9.8
EPSS
95.4%
CVE-2023-6269 CRITICAL POC Act Now

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Unify Openscape Bcf Unify Openscape Branch Unify Openscape Session Border Controller
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-49291 CRITICAL POC PATCH Act Now

tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Branch Names
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-49448 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49447 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49446 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49398 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49397 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49396 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49395 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49383 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49382 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49381 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49380 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49379 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49378 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49377 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49376 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49375 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49374 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49373 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49372 HIGH POC This Week

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-45842 HIGH POC This Week

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buildroot
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-45841 HIGH POC This Week

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buildroot
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-45840 HIGH POC This Week

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buildroot
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-45839 HIGH POC This Week

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buildroot
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-45838 HIGH POC PATCH This Week

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Buildroot
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-43608 HIGH POC PATCH This Week

A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Buildroot
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-49297 HIGH POC PATCH This Week

PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Google Deserialization Pydrive2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-47304 HIGH POC This Week

An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vdv23 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43628 HIGH POC This Week

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gpsd
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-43472 HIGH POC PATCH THREAT This Week

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mlflow
NVD
CVSS 3.1
7.5
EPSS
36.6%
CVE-2023-49284 MEDIUM POC PATCH This Month

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Information Disclosure Denial Of Service Apple Fish
NVD GitHub
CVSS 3.1
6.6
EPSS
0.5%
CVE-2023-46736 MEDIUM POC PATCH This Month

EspoCRM is an Open Source CRM (Customer Relationship Management) software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Espocrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-26943 MEDIUM POC This Month

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yale Keyless Smart Lock Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-26942 MEDIUM POC This Month

Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yale Ia 210 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-26941 MEDIUM POC This Month

Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yale Conexis L1 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-6448 CRITICAL KEV THREAT Act Now

Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vision1210 Firmware Vision1040 Firmware Vision700 Firmware Vision570 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-42580 CRITICAL Act Now

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33083 CRITICAL Act Now

Memory corruption in WLAN Host while processing RRM beacon on the AP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Wcn685X 5 Firmware +111
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-33082 CRITICAL Act Now

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Wcn685X 5 Firmware +111
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-48698 CRITICAL Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48697 CRITICAL Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Null Pointer Dereference Microsoft Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-48696 CRITICAL Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48695 CRITICAL Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Microsoft Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-48694 CRITICAL Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-48693 CRITICAL Act Now

Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Azure Rtos Threadx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-48692 CRITICAL Act Now

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Microsoft Azure Rtos Netx Duo
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-48691 CRITICAL Act Now

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Microsoft Azure Rtos Netx Duo
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-48316 CRITICAL Act Now

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Microsoft Azure Rtos Netx Duo
NVD GitHub
CVSS 3.1
9.8
EPSS
4.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy