Skip to main content
CVE-2023-47322 HIGH POC PATCH This Week

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation CSRF Silverpeas
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-47326 HIGH POC PATCH This Week

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Silverpeas
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-6773 HIGH POC This Week

A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pos And Inventory Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6761 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icecms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6753 HIGH POC PATCH This Week

Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-47320 HIGH POC PATCH This Week

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Silverpeas
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-47323 HIGH POC PATCH This Week

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Silverpeas
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-50262 HIGH POC PATCH This Week

Dompdf is an HTML to PDF converter for PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Dompdf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-6759 HIGH POC This Week

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-48702 HIGH POC PATCH This Week

Jellyfin is a system for managing and streaming media. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Jellyfin
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-6772 HIGH POC This Week

A vulnerability, which was classified as critical, was found in OTCMS 7.01. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Otcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-6755 HIGH POC This Week

A vulnerability was found in DedeBIZ 6.2 and classified as critical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dedebiz
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-43586 HIGH This Week

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft Meeting Software Development Kit Video Software Development Kit +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-43813 HIGH PATCH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
30.9%
CVE-2023-50778 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Paaslane Estimate
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-50768 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Nexus Platform
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-50766 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Nexus Platform
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-44252 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiwan
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-44251 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortiwan
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-48791 HIGH This Week

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortiportal
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-48782 HIGH This Week

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2023-41678 HIGH This Week

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios Fortipam
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-36639 HIGH This Week

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortios Fortipam
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-47578 HIGH This Week

Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47576 HIGH This Week

An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-47573 HIGH This Week

An issue discovered in Relyum RELY-PCIe 22.2.1 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-50774 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Html Resource
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-50764 HIGH This Week

Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Scriptler
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-6377 HIGH PATCH This Week

A flaw was found in xorg-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow RCE Privilege Escalation Enterprise Linux Eus +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-6478 HIGH PATCH This Week

A flaw was found in xorg-server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow X Server Xwayland Enterprise Linux Eus +2
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-45174 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45170 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45166 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-48639 HIGH This Week

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48634 HIGH PATCH This Week

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-48633 HIGH PATCH This Week

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-48632 HIGH PATCH This Week

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48630 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48629 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48628 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48627 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48626 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48625 HIGH PATCH This Week

Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Sampler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47075 HIGH This Week

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-47074 HIGH This Week

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47063 HIGH This Week

Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31210 HIGH This Week

Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40716 HIGH This Week

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortitester
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-50709 HIGH PATCH This Week

Cube is a semantic layer for building data applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cube Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-50444 HIGH This Week

By default, .ZED containers produced by PRIMX ZED!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Zed Zedmail Zonecentral
NVD
CVSS 3.1
7.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy