Skip to main content
CVE-2023-6730 HIGH POC PATCH This Week

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Transformers
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-49147 HIGH POC This Week

An issue was discovered in PDF24 Creator 11.14.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pdf24 Creator
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-50466 HIGH This Week

An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Cmt2078X Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-43826 HIGH This Week

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Apache RCE Buffer Overflow Guacamole
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-6873 HIGH This Week

Memory safety bugs present in Firefox 120. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6866 HIGH This Week

TypedArrays can be fallible and lacked proper exception handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6864 HIGH This Week

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-6863 HIGH This Week

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6862 HIGH This Week

A use-after-free was identified in the `nsDNSService::Init`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6861 HIGH This Week

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-6859 HIGH This Week

A use-after-free condition affected TLS socket creation when under memory pressure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-6858 HIGH This Week

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-6856 HIGH This Week

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
8.8
EPSS
20.5%
CVE-2023-49736 HIGH PATCH This Week

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.1.2, from 3.0.0 before 3.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-6940 HIGH PATCH This Week

with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Mlflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-34027 HIGH This Week

Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Recently Viewed Products
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-37390 HIGH This Week

Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Themesflat Addons For Elementor Elementor
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-6913 HIGH This Week

A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Imou Life
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-6931 HIGH PATCH This Week

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Memory Corruption Linux Buffer Overflow Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-6932 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Memory Corruption Linux Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-6315 HIGH This Week

Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-6314 HIGH This Week

Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48764 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection - Stop Brute Force Attacks.2.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Guardgiant
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-48741 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.7.8. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wpbot
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-48327 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors - WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.4.7. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Woocommerce Multi Vendor Woocommerce Marketplace Product Vendors
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-49764 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Advanced Database Cleaner
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-49819 HIGH This Week

Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Structured Content
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-46804 HIGH This Week

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-46803 HIGH This Week

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-46262 HIGH This Week

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
82.8%
CVE-2023-6711 HIGH This Week

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rtu500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-6280 HIGH This Week

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Wps
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1514 HIGH This Week

A vulnerability exists in the component RTU500 Scripting interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rtu500 Scripting Interface
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-38126 HIGH This Week

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Edgeaggregator
NVD
CVSS 3.1
7.2
EPSS
68.6%
CVE-2023-50376 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.3.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simple Membership
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy