Skip to main content
CVE-2023-26158 HIGH POC This Week

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Mock Js
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2023-43305 HIGH POC This Week

An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-6611 HIGH POC This Week

A vulnerability was found in Tongda OA 2017 up to 11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Oa Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6608 HIGH POC This Week

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Oa Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6607 HIGH POC This Week

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-48122 HIGH POC PATCH This Week

An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6610 HIGH POC This Week

An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-6606 HIGH POC This Week

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Linux Linux Kernel Enterprise Linux +3
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-6618 HIGH This Week

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Simple Student Attendance System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-47565 HIGH KEV THREAT This Week

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr Firmware
NVD
CVSS 3.1
8.8
EPSS
73.3%
CVE-2023-46157 HIGH This Week

File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cloudpanel
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-43743 HIGH This Week

A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mx Se Firmware Mx Se Ii Firmware Mx E Firmware Mx Virtual Firmware +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-46496 HIGH PATCH This Week

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal Evershop
NVD
CVSS 3.1
8.3
EPSS
1.2%
CVE-2023-48421 HIGH This Week

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-48409 HIGH This Week

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-48407 HIGH This Week

there is a possible DCK won't be deleted after factory reset due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-48402 HIGH This Week

In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32460 HIGH This Week

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Authentication Bypass Poweredge R660 Firmware Poweredge R760 Firmware +124
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-6337 HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-48416 HIGH This Week

In multiple locations, there is a possible null dereference due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-48410 HIGH This Week

In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-48404 HIGH This Week

In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-48403 HIGH This Week

In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-48398 HIGH This Week

In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-6245 HIGH PATCH This Week

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Candid
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-49788 HIGH This Week

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Richdocumentscode
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-32975 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-32968 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-43744 HIGH This Week

An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mx Se Firmware Mx Se Ii Firmware Mx E Firmware Mx Virtual Firmware +2
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy