Skip to main content
CVE-2023-51771 CRITICAL POC Act Now

In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a long URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Micro Http Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7097 CRITICAL POC Act Now

A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Water Billing System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7095 CRITICAL POC THREAT Act Now

A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A7100Ru Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
13.7%
CVE-2023-28872 HIGH POC This Week

Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secure Enterprise Client
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37188 HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37187 HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37186 HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37185 HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-7094 HIGH POC This Week

A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Application Security Gateway
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-49226 HIGH POC This Week

An issue was discovered in Peplink Balance Two before 8.4.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Balance Two Firmware
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2023-38826 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Solutions Destiny
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49954 CRITICAL Act Now

The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi 3Cx
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-31224 CRITICAL Act Now

There is broken access control during authentication in Jamf Pro Server before 10.46.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jamf
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-48654 CRITICAL Act Now

One Identity Password Manager before 5.13.1 allows Kiosk Escape. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Google Microsoft Password Manager
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-7099 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Nipah Virus Testing Management System
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7100 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2023-51772 HIGH This Week

One Identity Password Manager before 5.13.1 allows Kiosk Escape. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Google Microsoft Password Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-43064 HIGH PATCH This Week

Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE IBM
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-7093 HIGH This Week

A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Kylin System Updater
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-38321 HIGH This Week

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aleos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-47091 HIGH This Week

An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31455 HIGH This Week

Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31289 HIGH This Week

Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-49880 HIGH This Week

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Financial Transaction Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-36486 HIGH PATCH This Week

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ilias
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-36485 HIGH PATCH This Week

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ilias
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-49328 HIGH This Week

On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE B Point
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-49944 MEDIUM This Month

The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Privilege Management For Windows
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-37225 MEDIUM This Month

Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pexip Infinity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-7096 LOW POC Monitor

A flaw has been found in code-projects Faculty Management System 1.0. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Faculty Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2023-40236 MEDIUM This Month

In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Virtual Meeting Rooms
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-7098 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP Easyimages2 0
NVD VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-30451 MEDIUM PATCH This Month

In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Typo3
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-31297 MEDIUM This Month

An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cash Point Transport Optimizer
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-48652 MEDIUM PATCH This Month

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Concrete Cms
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-47247 MEDIUM This Month

In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sysaid
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy