Skip to main content
CVE-2023-46919 MEDIUM POC This Month

Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Authentication Bypass Simple Http Server Simple Http Server Plus
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-51443 MEDIUM POC PATCH This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
5.9
EPSS
1.5%
CVE-2023-49003 MEDIUM POC This Month

An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Simple Dialer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-51079 MEDIUM POC This Month

A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Mvel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51074 MEDIUM POC PATCH This Month

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jayway Jsonpath
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-46918 MEDIUM POC This Month

Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an Android manifest file that contains an entry with the android:allowBackup attribute set to true. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Simple Http Server Plus
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-4641 MEDIUM This Month

A flaw was found in shadow-utils. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Shadow Utils Codeready Linux Builder Codeready Linux Builder For Arm64 Codeready Linux Builder For Ibm Z Systems +5
NVD
CVSS 3.1
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy