Skip to main content
CVE-2023-50252 CRITICAL POC PATCH THREAT Act Now

php-svg-lib is an SVG file parsing / rendering library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Deserialization Php Svg Lib
NVD GitHub
CVSS 3.1
9.8
EPSS
23.9%
CVE-2023-43364 CRITICAL POC PATCH Act Now

main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Searchor
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2023-48225 CRITICAL POC Act Now

Laf is a cloud development platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Laf
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-36649 CRITICAL POC Act Now

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Grafana Information Disclosure Cryptospike
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-6709 HIGH POC PATCH This Week

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Ssti Mlflow
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36646 HIGH POC This Week

Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Cryptospike
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-36648 HIGH POC This Week

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Authentication Bypass Cryptospike
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2023-50251 HIGH POC PATCH This Week

php-svg-lib is an SVG file parsing / rendering library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Php Svg Lib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-46455 HIGH POC THREAT This Week

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload Gl Ar300M Firmware
NVD
CVSS 3.1
7.5
EPSS
47.0%
CVE-2023-36647 HIGH POC This Week

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cryptospike
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-41623 HIGH POC This Week

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emlog
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-36651 HIGH POC This Week

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cryptospike
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-36650 HIGH POC This Week

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cryptospike
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-26920 MEDIUM POC PATCH This Month

fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Fast Xml Parser
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-36654 MEDIUM POC This Month

Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cryptospike
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-28604 MEDIUM POC PATCH This Month

{content} use cases that may be edge cases. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fluid Components
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49563 MEDIUM POC This Month

Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Snmp Web Pro
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6593 CRITICAL Act Now

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46456 CRITICAL Act Now

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Gl Ar300M Firmware
NVD
CVSS 3.1
9.8
EPSS
24.7%
CVE-2023-46454 CRITICAL Act Now

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gl Ar300M Firmware
NVD
CVSS 3.1
9.8
EPSS
23.5%
CVE-2023-48427 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Sinec Ins
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-41117 CRITICAL Act Now

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-50424 CRITICAL PATCH Act Now

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Privilege Escalation Cloud Security Client Go
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-50423 CRITICAL PATCH Act Now

SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Python Privilege Escalation Sap Xssec
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-50422 CRITICAL PATCH Act Now

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Privilege Escalation Cloud Security Services Integration Library
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-49583 CRITICAL PATCH Act Now

SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Node.js Privilege Escalation Sap Xssec
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-49994 MEDIUM POC This Month

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Espeak Ng
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-49581 CRITICAL Act Now

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Microsoft SQLi Netweaver Application Server Abap
NVD
CVSS 3.1
9.4
EPSS
0.5%
CVE-2023-46219 MEDIUM POC This Month

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-49993 MEDIUM POC This Month

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Espeak Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-49992 MEDIUM POC This Month

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Espeak Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-49991 MEDIUM POC This Month

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Espeak Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-49990 MEDIUM POC This Month

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Espeak Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-3517 HIGH This Week

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pentaho Data Integration And Analytics
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-36006 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-35641 HIGH PATCH This Week

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
8.8
EPSS
7.2%
CVE-2023-35639 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-35634 HIGH PATCH This Week

Windows Bluetooth Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Stack Overflow Buffer Overflow RCE Microsoft Windows 11 21H2 +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-35630 HIGH PATCH This Week

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2023-46281 HIGH PATCH This Week

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cors Misconfiguration Information Disclosure Opcenter Quality Simatic Pcs Neo Sinumerik Integrate Runmyhmi Automotive +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-45316 HIGH This Week

Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Path Traversal CSRF Mattermost Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-48641 HIGH This Week

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41119 HIGH This Week

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-41118 HIGH This Week

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Postgres Advanced Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-42910 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-42890 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2023-38380 HIGH This Week

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 6Gk7243 8Rx30 0Xe0 Firmware 6Gk7543 1Ax00 0Xe0 Firmware 6Ag1543 1Ax00 2Xe0 Firmware Simatic Cp 1242 7 V2 Firmware +5
NVD
CVSS 4.0
8.7
EPSS
1.0%
CVE-2023-48431 HIGH PATCH This Week

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sinec Ins
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-36652 MEDIUM POC This Month

A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cryptospike
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-36005 HIGH PATCH This Week

Windows Telephony Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
8.1
EPSS
23.9%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy