Skip to main content
CVE-2022-45365 HIGH POC THREAT Act Now

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.23.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.1%.

XSS Stock Ticker
NVD
CVSS 3.1
7.1
EPSS
20.1%
CVE-2023-50017 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-42800 HIGH POC PATCH This Week

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Moonlight Common C Moonlight Moonlight Embedded +4
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-42799 HIGH POC PATCH This Week

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Moonlight Common C Moonlight Moonlight Embedded +4
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-50564 HIGH POC THREAT This Week

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Pluck
NVD GitHub
CVSS 3.1
8.8
EPSS
29.1%
CVE-2023-6569 HIGH POC PATCH This Week

External Control of File Name or Path in h2oai/h2o-3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2O
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-6572 HIGH POC PATCH This Week

Command Injection in GitHub repository gradio-app/gradio prior to main. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Gradio
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-6563 HIGH POC PATCH This Week

An unconstrained memory consumption vulnerability was discovered in Keycloak. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Keycloak Single Sign On Openshift Container Platform Openshift Container Platform For Power +1
NVD GitHub
CVSS 3.1
7.7
EPSS
1.2%
CVE-2023-42801 HIGH POC PATCH This Week

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apple Google Moonlight Common C Moonlight +6
NVD GitHub
CVSS 3.1
7.6
EPSS
0.8%
CVE-2023-50472 HIGH POC This Week

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Cjson
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-50471 HIGH POC This Week

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Cjson
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-50011 HIGH POC This Week

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Popojicms
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2023-6707 HIGH This Week

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-6706 HIGH This Week

Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-6705 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6704 HIGH This Week

Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6703 HIGH This Week

Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-6702 HIGH This Week

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
43.5%
CVE-2023-46142 HIGH This Week

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axc F 1152 Firmware Axc F 2152 Firmware Axc F 3152 Firmware Bpc 9102S Firmware +5
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45185 HIGH This Week

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM I Access Client Solutions
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25643 HIGH This Week

There is a command injection vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mc801A Firmware Mc801A1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-49935 HIGH This Week

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Slurm
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-37457 HIGH PATCH This Week

Asterisk is an open source private branch exchange and telephony toolkit. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Microsoft Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
8.2
EPSS
1.1%
CVE-2023-49938 HIGH This Week

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Slurm
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2023-25651 HIGH This Week

There is a SQL injection vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Zte SQLi Mf833U1 Firmware Mf286R Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2023-49347 HIGH This Week

Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49346 HIGH This Week

Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49345 HIGH This Week

Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49344 HIGH This Week

Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49343 HIGH This Week

Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49342 HIGH This Week

Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-44285 HIGH This Week

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerprotect Data Protection Apex Protection Storage Powerprotect Data Domain +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44277 HIGH This Week

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Powerprotect Data Protection Apex Protection Storage Powerprotect Data Domain +2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-25648 HIGH This Week

There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxcloud Irai
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41720 HIGH This Week

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-49294 HIGH PATCH This Week

Asterisk is an open source private branch exchange and telephony toolkit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
7.5
EPSS
45.6%
CVE-2023-4694 HIGH This Week

Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service HP Officejet Pro 8730 D9L19A Firmware Officejet Pro 8730 M9L74A Firmware Officejet Pro 8730 M9L75A Firmware +9
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-41151 HIGH This Week

An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Opc Opc Ua C Software Development Kit Secure Integration Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-50269 HIGH This Week

Squid is a caching proxy for the Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid
NVD GitHub
CVSS 3.1
7.5
EPSS
57.6%
CVE-2023-48671 HIGH PATCH This Week

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-48660 HIGH PATCH This Week

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Dell Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance Powermax Os
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5592 HIGH This Week

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Multiprog Proconos Eclr
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-46143 HIGH This Week

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Automationworx Software Suite Axc 1050 Firmware Axc 1050 Xc Firmware Axc 3050 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-48631 HIGH PATCH This Week

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Denial Of Service Css Tools
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25644 HIGH This Week

There is a denial of service vulnerability in some ZTE mobile internet products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zte Mc801A Firmware Mc801A1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-1904 HIGH This Week

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49936 HIGH This Week

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Slurm
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-49933 HIGH This Week

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Slurm
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-45184 HIGH This Week

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM I Access Client Solutions
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-43042 HIGH This Week

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Storage Virtualize
NVD
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy