Skip to main content
CVE-2023-45185 HIGH This Week

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM I Access Client Solutions
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25643 HIGH This Week

There is a command injection vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mc801A Firmware Mc801A1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-49935 HIGH This Week

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Slurm
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-50710 MEDIUM POC PATCH This Month

Hono is a web framework written in TypeScript. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Hono
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-37457 HIGH PATCH This Week

Asterisk is an open source private branch exchange and telephony toolkit. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Microsoft Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
8.2
EPSS
1.1%
CVE-2023-49938 HIGH This Week

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Slurm
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2023-25651 HIGH This Week

There is a SQL injection vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Zte SQLi Mf833U1 Firmware Mf286R Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2023-49347 HIGH This Week

Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49346 HIGH This Week

Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49345 HIGH This Week

Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49344 HIGH This Week

Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49343 HIGH This Week

Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49342 HIGH This Week

Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-44285 HIGH This Week

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerprotect Data Protection Apex Protection Storage Powerprotect Data Domain +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44277 HIGH This Week

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Powerprotect Data Protection Apex Protection Storage Powerprotect Data Domain +2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-25648 HIGH This Week

There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxcloud Irai
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41720 HIGH This Week

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-49294 HIGH PATCH This Week

Asterisk is an open source private branch exchange and telephony toolkit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
7.5
EPSS
45.6%
CVE-2023-4694 HIGH This Week

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HP Officejet Pro 8730 D9L19A Firmware Officejet Pro 8730 M9L74A Firmware Officejet Pro 8730 M9L75A Firmware +9
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-41151 HIGH This Week

An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Opc Opc Ua C Software Development Kit Secure Integration Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-50269 HIGH This Week

Squid is a caching proxy for the Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid
NVD GitHub
CVSS 3.1
7.5
EPSS
57.6%
CVE-2023-48671 HIGH PATCH This Week

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-48660 HIGH PATCH This Week

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5592 HIGH This Week

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Multiprog Proconos Eclr
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-46143 HIGH This Week

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Automationworx Software Suite Axc 1050 Firmware Axc 1050 Xc Firmware Axc 3050 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-48631 HIGH PATCH This Week

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Denial Of Service Css Tools
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25644 HIGH This Week

There is a denial of service vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zte Mc801A Firmware Mc801A1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-1904 HIGH This Week

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49936 HIGH This Week

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Slurm
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-49933 HIGH This Week

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Slurm
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-45184 HIGH This Week

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM I Access Client Solutions
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-43042 HIGH This Week

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Storage Virtualize
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-48667 HIGH This Week

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Apex Protection Storage Powerprotect Data Domain Powerprotect Data Domain Management Center +2
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2023-48665 HIGH PATCH This Week

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-48664 HIGH PATCH This Week

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-48663 HIGH PATCH This Week

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-48662 HIGH PATCH This Week

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-41719 HIGH This Week

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2023-48771 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno "Aesqe" Babic File Gallery allows Reflected XSS.8.5.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Gallery
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-48767 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mytube Playlist
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49813 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J.N.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49172 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BrainCert BrainCert - HTML5 Virtual Classroom allows Reflected XSS.30. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Virtual Classroom Api
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49171 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs Innovs HR - Complete Human Resource Management System for Your Business allows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Innovs Hr
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49827 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Soledad
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49740 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seraphinite Solutions Seraphinite Accelerator allows Reflected XSS.20.28. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Seraphinite Accelerator
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49771 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Link Log
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49766 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Stored XSS.2.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ultimate Addons For Contact Form 7
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-48756 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlocks For Elementor allows Reflected XSS.3.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jetblocks For Elementor Elementor
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-48676 HIGH This Week

Sensitive information disclosure and manipulation due to missing authorization. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-6407 HIGH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Easy Ups Online Monitoring Software
NVD
CVSS 3.1
7.1
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy