Skip to main content
CVE-2023-49085 HIGH POC THREAT Act Now

Cacti provides an operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Cacti
NVD GitHub
CVSS 3.1
8.8
EPSS
84.6%
CVE-2023-51387 HIGH POC PATCH This Week

Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Hertzbeat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-50714 HIGH POC PATCH This Week

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack CSRF Yii2 Authclient
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-51448 HIGH POC This Week

Cacti provides an operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD GitHub
CVSS 3.1
8.8
EPSS
9.0%
CVE-2023-7053 HIGH POC This Week

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Brute Force Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-51661 HIGH POC PATCH This Week

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Wasmer
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-50254 HIGH POC PATCH This Week

Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Deepin Reader
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-43116 HIGH POC PATCH This Week

A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Elastic Information Disclosure Elastic Ci Stack
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-51650 HIGH POC This Week

Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Hertzbeat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-51449 HIGH POC PATCH This Week

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Gradio
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2023-49391 HIGH POC This Week

An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-49356 HIGH POC This Week

A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Mp3Gain
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-24609 HIGH POC This Week

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Matrixssl Tls Toolkit
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-51713 HIGH POC This Week

make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Proftpd
NVD GitHub
CVSS 3.1
7.5
EPSS
4.2%
CVE-2023-42465 HIGH POC PATCH This Week

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Authentication Bypass Sudo
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-43741 HIGH POC PATCH This Week

A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Elastic Authentication Bypass Elastic Ci Stack
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-51708 HIGH This Week

Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Assetwise Alim For Transportation Eb System Management Console
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2023-48670 HIGH This Week

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Home Pcs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-50730 HIGH PATCH This Week

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Grackle
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-51662 HIGH PATCH This Week

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Snowflake Connector
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-48704 HIGH PATCH This Week

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy