Skip to main content
CVE-2023-36655 CRITICAL POC Act Now

The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cryptospike
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-48849 CRITICAL POC Act Now

Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Rg Eg1000C Firmware Rg Eg1000E Firmware Rg Eg105G Firmware Rg Eg105G V2 Firmware +17
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-48930 CRITICAL POC Act Now

xinhu xinhuoa 2.2.1 contains a File upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Xinhu
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-49096 HIGH POC PATCH This Week

Jellyfin is a Free Software Media System for managing and streaming media. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Jellyfin
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-48859 HIGH POC This Week

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass A3002ru Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-49897 HIGH POC KEV THREAT This Week

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ae1021 Firmware Ae1021Pe Firmware
NVD
CVSS 3.1
8.8
EPSS
50.7%
CVE-2023-26154 MEDIUM POC PATCH This Month

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure C Core Kotlin Pubnub Swift
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-46353 CRITICAL Act Now

In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Product Tag Icons Pro
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6458 CRITICAL PATCH Act Now

Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Path Traversal Mattermost Server
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-46773 CRITICAL Act Now

Permission management vulnerability in the PMS module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-22524 CRITICAL Act Now

Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Atlassian Companion
NVD
CVSS 3.1
9.8
EPSS
24.7%
CVE-2023-41268 CRITICAL PATCH Act Now

Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault.0.0 through 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Samsung Escargot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28875 MEDIUM POC This Month

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48123 HIGH PATCH This Week

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Pfsense Pfsense Plus
NVD GitHub
CVSS 3.1
8.8
EPSS
67.8%
CVE-2023-6514 HIGH This Week

The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Ajmd 370S Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22523 HIGH This Week

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Assets Discovery Cloud Assets Discovery Data Center Assets Discovery Data Server
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2023-22522 HIGH This Week

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
12.8%
CVE-2023-6510 HIGH This Week

Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6509 HIGH This Week

Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6508 HIGH This Week

Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-28876 MEDIUM POC This Month

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filerun
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-39539 HIGH This Week

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Aptio V
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-39538 HIGH This Week

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Aptio V
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-6288 HIGH This Week

Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Apple Remote Desktop Manager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-46354 HIGH This Week

In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orders Csv Excel Export Pro
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46751 HIGH This Week

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Ghostscript
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-45285 HIGH PATCH This Week

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-49247 HIGH This Week

Permission verification vulnerability in distributed scenarios. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49246 HIGH This Week

Unauthorized access vulnerability in the card management module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49245 HIGH This Week

Unauthorized access vulnerability in the Huawei Share module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49244 HIGH This Week

Permission management vulnerability in the multi-user module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49243 HIGH This Week

Vulnerability of unauthorized access to email attachments in the email module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49242 HIGH This Week

Free broadcast vulnerability in the running management module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49241 HIGH This Week

API permission control vulnerability in the network management module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49240 HIGH This Week

Unauthorized access vulnerability in the launcher module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Open Redirect Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49239 HIGH This Week

Unauthorized access vulnerability in the card management module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44113 HIGH This Week

Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44099 HIGH This Week

Vulnerability of data verification errors in the kernel module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32268 HIGH This Week

Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Filr
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-2861 HIGH PATCH This Week

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Authentication Bypass Qemu
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-6512 MEDIUM This Month

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Debian Linux Fedora Chrome
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-24547 MEDIUM This Month

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-6527 MEDIUM PATCH This Month

The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Email Subscription Popup
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-46688 MEDIUM This Month

Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Pleasanter
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49248 MEDIUM This Month

Vulnerability of unauthorized file access in the Settings app. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-48940 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Daicuo
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34439 MEDIUM This Month

Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pleasanter
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6393 MEDIUM PATCH This Month

A flaw was found in the Quarkus Cache Runtime. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Build Of Quarkus
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-39326 MEDIUM PATCH This Month

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-6459 MEDIUM PATCH This Month

Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
5.3
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy