Skip to main content
CVE-2023-6879 CRITICAL POC PATCH Act Now

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Aomedia Fedora
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-51084 CRITICAL POC Act Now

hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hyavijava
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-47883 CRITICAL POC Act Now

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Google Tv Browser
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-43955 CRITICAL POC Act Now

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Google Tv Bro
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-43481 CRITICAL POC Act Now

An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Browser Tv Web Browsehere
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-51664 CRITICAL POC PATCH Act Now

tj-actions/changed-files is a Github action to retrieve all files and directories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Changed Files
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2023-7116 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Datax Web
NVD VulDB
CVSS 3.1
9.8
EPSS
9.9%
CVE-2023-50255 HIGH POC PATCH This Week

Deepin-Compressor is the default archive manager of Deepin Linux OS. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Deepin Compressor
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-49002 HIGH POC This Week

An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Phone Dialer Voice Call Dialer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-51080 HIGH POC PATCH This Week

The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hutool
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-51075 HIGH POC PATCH This Week

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hutool
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-47882 HIGH POC This Week

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Yi Iot
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-46919 MEDIUM POC This Month

Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Authentication Bypass Simple Http Server Simple Http Server Plus
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-51443 MEDIUM POC PATCH This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
5.9
EPSS
1.5%
CVE-2023-6190 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal University Information Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49001 CRITICAL Act Now

An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Indi Browser
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49000 CRITICAL Act Now

An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Artisbrowser
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-52077 CRITICAL PATCH Act Now

Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Nexkey
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-51700 CRITICAL PATCH Act Now

Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE WordPress Deserialization Unofficial Mobile Bankid Integration
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-49003 MEDIUM POC This Month

An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Simple Dialer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-51079 MEDIUM POC This Month

A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Mvel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51074 MEDIUM POC PATCH This Month

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jayway Jsonpath
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-40038 HIGH This Week

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dg860A Firmware Dg1670A Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46918 MEDIUM POC This Month

Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Simple Http Server Plus
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-52075 HIGH This Week

ReVanced API proxies requests needed to feed the ReVanced Manager and website with data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Revanced
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-51697 HIGH PATCH This Week

Audiobookshelf is a self-hosted audiobook and podcast server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Audiobookshelf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-51665 HIGH PATCH This Week

Audiobookshelf is a self-hosted audiobook and podcast server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Audiobookshelf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-3171 HIGH This Week

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Jboss Enterprise Application Platform
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-4641 MEDIUM This Month

A flaw was found in shadow-utils. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Shadow Utils Codeready Linux Builder Codeready Linux Builder For Arm64 Codeready Linux Builder For Ibm Z Systems +5
NVD
CVSS 3.1
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy