Skip to main content
CVE-2023-6709 HIGH POC PATCH This Week

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Ssti Mlflow
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36646 HIGH POC This Week

Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Cryptospike
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-36648 HIGH POC This Week

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Authentication Bypass Cryptospike
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2023-50251 HIGH POC PATCH This Week

php-svg-lib is an SVG file parsing / rendering library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Php Svg Lib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-46455 HIGH POC THREAT This Week

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload Gl Ar300M Firmware
NVD
CVSS 3.1
7.5
EPSS
47.0%
CVE-2023-36647 HIGH POC This Week

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cryptospike
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-41623 HIGH POC This Week

Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emlog
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-36651 HIGH POC This Week

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cryptospike
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-36650 HIGH POC This Week

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cryptospike
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-3517 HIGH This Week

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pentaho Data Integration And Analytics
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-36006 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-35641 HIGH PATCH This Week

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
8.8
EPSS
7.2%
CVE-2023-35639 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-35634 HIGH PATCH This Week

Windows Bluetooth Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Stack Overflow Buffer Overflow RCE Microsoft Windows 11 21H2 +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-35630 HIGH PATCH This Week

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2023-46281 HIGH PATCH This Week

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Cors Misconfiguration Information Disclosure Opcenter Quality Simatic Pcs Neo Sinumerik Integrate Runmyhmi Automotive +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-45316 HIGH This Week

Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Path Traversal CSRF Mattermost Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-48641 HIGH This Week

Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41119 HIGH This Week

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-41118 HIGH This Week

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Postgres Advanced Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-42910 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-42890 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2023-38380 HIGH This Week

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 6Gk7243 8Rx30 0Xe0 Firmware 6Gk7543 1Ax00 0Xe0 Firmware 6Ag1543 1Ax00 2Xe0 Firmware Simatic Cp 1242 7 V2 Firmware +5
NVD
CVSS 4.0
8.7
EPSS
1.0%
CVE-2023-48431 HIGH PATCH This Week

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sinec Ins
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-36005 HIGH PATCH This Week

Windows Telephony Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
8.1
EPSS
23.9%
CVE-2023-35628 HIGH PATCH This Week

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.1
EPSS
92.8%
CVE-2023-42481 HIGH This Week

In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-48677 HIGH This Week

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Home Office
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-5764 HIGH PATCH This Week

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Ssti Ansible Extra Packages For Enterprise Linux Fedora +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-36696 HIGH PATCH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-36391 HIGH PATCH This Week

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 11 23h2
NVD
CVSS 3.1
7.8
EPSS
7.2%
CVE-2023-36011 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-35644 HIGH PATCH This Week

Windows Sysmain Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 +6
NVD
CVSS 3.1
7.8
EPSS
6.2%
CVE-2023-35633 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows Server 2008 Windows Server 2012
NVD
CVSS 3.1
7.8
EPSS
8.7%
CVE-2023-35632 HIGH PATCH This Week

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +7
NVD
CVSS 3.1
7.8
EPSS
6.5%
CVE-2023-35631 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 11 21H2 Windows 11 22h2 Windows 11 23h2 Windows Server 2022 23h2
NVD
CVSS 3.1
7.8
EPSS
6.5%
CVE-2023-21740 HIGH PATCH This Week

Windows Media Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-42926 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42912 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42911 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42909 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42908 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42907 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42906 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-42905 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42904 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42903 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42902 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-42901 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-42899 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy