Skip to main content
CVE-2023-28872 HIGH POC This Week

Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secure Enterprise Client
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37188 HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37187 HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37186 HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37185 HIGH POC PATCH This Week

C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference C Blosc2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-7094 HIGH POC This Week

A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Application Security Gateway
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-49226 HIGH POC This Week

An issue was discovered in Peplink Balance Two before 8.4.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Balance Two Firmware
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2023-51772 HIGH This Week

One Identity Password Manager before 5.13.1 allows Kiosk Escape. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Google Microsoft Password Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-43064 HIGH PATCH This Week

Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE IBM
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-7093 HIGH This Week

A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Kylin System Updater
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-38321 HIGH This Week

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Aleos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-47091 HIGH This Week

An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31455 HIGH This Week

Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31289 HIGH This Week

Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-49880 HIGH This Week

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 the sending address and the message type of FIN messages are assumed to be immutable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Financial Transaction Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-36486 HIGH PATCH This Week

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ilias
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-36485 HIGH PATCH This Week

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ilias
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-49328 HIGH This Week

On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE B Point
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy