Skip to main content
CVE-2023-6730 HIGH POC PATCH This Week

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Transformers
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-44982 MEDIUM POC THREAT This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Information Disclosure Perfect Images
NVD
CVSS 3.1
5.3
EPSS
12.9%
CVE-2023-49147 HIGH POC This Week

An issue was discovered in PDF24 Creator 11.14.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pdf24 Creator
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-6872 MEDIUM POC This Month

Browser tab titles were being leaked by GNOME to system logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49006 MEDIUM POC PATCH This Month

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP CSRF Phpsysinfo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-49489 MEDIUM POC This Month

Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Kodexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-6930 CRITICAL Act Now

EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Etl3100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6929 CRITICAL Act Now

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Etl3100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6928 CRITICAL Act Now

EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Etl3100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49004 CRITICAL Act Now

An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection D-Link Dir 850L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-47267 CRITICAL Act Now

An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Thegreenbow Vpn Client
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-50272 CRITICAL Act Now

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Integrated Lights Out 5 Firmware Integrated Lights Out 6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-46265 CRITICAL Act Now

An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Avalanche
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2023-46264 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
90.2%
CVE-2023-46263 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
81.9%
CVE-2023-46261 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2023-46260 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
9.8%
CVE-2023-46259 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2023-46258 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-46257 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2023-46225 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2023-46224 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-46223 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-46222 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-46221 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2023-46220 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2023-46217 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
36.4%
CVE-2023-46216 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
36.4%
CVE-2023-41727 CRITICAL Act Now

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Avalanche
NVD
CVSS 3.1
9.8
EPSS
36.4%
CVE-2023-43870 CRITICAL Act Now

When installing the Net2 software a root certificate is installed into the trusted store. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Net2
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-49750 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Couponis
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2023-48738 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality.12.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Functionality
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2023-46266 CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
CVSS 3.1
9.1
EPSS
3.5%
CVE-2023-50466 HIGH This Week

An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Cmt2078X Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-43826 HIGH This Week

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Apache RCE Buffer Overflow Guacamole
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-6873 HIGH This Week

Memory safety bugs present in Firefox 120. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6866 HIGH This Week

TypedArrays can be fallible and lacked proper exception handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6864 HIGH This Week

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-6863 HIGH This Week

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6862 HIGH This Week

A use-after-free was identified in the `nsDNSService::Init`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6861 HIGH This Week

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-6859 HIGH This Week

A use-after-free condition affected TLS socket creation when under memory pressure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-6858 HIGH This Week

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-6856 HIGH This Week

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
8.8
EPSS
20.5%
CVE-2023-6945 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Student Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-49736 HIGH PATCH This Week

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.1.2, from 3.0.0 before 3.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-6940 HIGH PATCH This Week

with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Mlflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-34027 HIGH This Week

Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Recently Viewed Products
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-37390 HIGH This Week

Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Themesflat Addons For Elementor Elementor
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-6913 HIGH This Week

A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Imou Life
NVD
CVSS 3.1
8.1
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy