Skip to main content
CVE-2023-47573 HIGH This Week

An issue discovered in Relyum RELY-PCIe 22.2.1 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-47327 MEDIUM POC PATCH This Month

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Silverpeas
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6762 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-6758 MEDIUM POC This Month

A vulnerability was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icecms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-50774 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Html Resource
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-50764 HIGH This Week

Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Scriptler
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-6377 HIGH PATCH This Week

A flaw was found in xorg-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow RCE Privilege Escalation Enterprise Linux Eus +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-6478 HIGH PATCH This Week

A flaw was found in xorg-server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow X Server Xwayland Enterprise Linux Eus +2
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-45174 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45170 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45166 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-48639 HIGH This Week

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48634 HIGH PATCH This Week

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-48633 HIGH PATCH This Week

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-48632 HIGH PATCH This Week

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48630 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48629 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48628 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48627 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48626 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48625 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47075 HIGH This Week

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-47074 HIGH This Week

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47063 HIGH This Week

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31210 HIGH This Week

Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40716 HIGH This Week

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortitester
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-50709 HIGH PATCH This Week

Cube is a semantic layer for building data applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cube Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-50444 HIGH This Week

By default, .ZED containers produced by PRIMX ZED!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Zed Zedmail Zonecentral
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46247 HIGH PATCH This Week

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-6766 LOW POC Monitor

A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Teacher Subject Allocation Management System
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.5%
CVE-2023-34194 HIGH PATCH This Week

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tinyxml
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-6722 HIGH This Week

A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Repox
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6721 HIGH This Week

An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Repox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6718 HIGH This Week

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Repox
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-6534 HIGH This Week

In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45801 HIGH This Week

Improper Authentication vulnerability in Nadatel DVR allows Information Elicitation.0.0 before 9.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass At 0402R Firmware At 0815R Firmware At 1623R Firmware At 0402L Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-47579 HIGH This Week

Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rely Pcie Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-45800 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.8.79 before V3.8.81.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Groupware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-50770 MEDIUM PATCH This Month

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Openid
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-49646 MEDIUM This Month

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Authentication Bypass Meeting Software Development Kit Video Software Development Kit +2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-43585 MEDIUM This Month

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Meeting Software Development Kit Video Software Development Kit Zoom
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-50248 MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ckan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6660 MEDIUM This Month

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46675 MEDIUM This Month

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46671 MEDIUM This Month

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-6792 MEDIUM This Month

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Paloalto Command Injection Pan Os
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2023-49296 MEDIUM PATCH This Month

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Create Agent
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-6790 MEDIUM This Month

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-6767 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Wedding Guest E Book
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-50771 MEDIUM PATCH This Month

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Open Redirect Openid Connect Authentication
NVD
CVSS 3.1
6.1
EPSS
0.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy