Skip to main content
CVE-2024-21633 HIGH POC PATCH THREAT Act Now

Apktool versions 2.9.1 and prior contain a path traversal vulnerability when processing Android APK files. Malicious APK resources with crafted filenames can write files to arbitrary locations on the system, enabling code execution on developer and CI/CD machines that analyze untrusted APKs.

Google Path Traversal Apktool Android
NVD GitHub
CVSS 3.1
7.8
EPSS
80.5%
Threat
5.5
CVE-2023-49442 CRITICAL Emergency

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 55.5% and no vendor patch available.

Deserialization RCE Jeecg
NVD
CVSS 3.1
9.8
EPSS
55.5%
CVE-2023-50253 CRITICAL POC Act Now

Laf is a cloud development platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Laf
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2023-45559 HIGH POC This Week

An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-21907 HIGH POC PATCH This Week

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Json Net
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.3%
CVE-2023-42358 HIGH POC This Week

An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Ric Plt E2Mgr
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2023-47473 HIGH POC This Week

Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ifair
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-37607 HIGH POC This Week

Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Soc Fl9600 Firstlane Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-46929 HIGH POC PATCH This Week

An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-37608 HIGH POC This Week

An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Soc Fl9600 Firstlane Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-50256 HIGH POC PATCH This Week

Froxlor is open source server administration software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Froxlor
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-7027 HIGH POC PATCH This Week

The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-51784 CRITICAL PATCH Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.5.0 through 1.9.0, which could lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Code Injection Inlong
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2023-50922 HIGH POC This Week

An issue was discovered on GL.iNet devices through 4.5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Gl Mt1300 Firmware Gl Mt300N V2 Firmware Gl Ar750S Firmware +9
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-21911 MEDIUM POC PATCH This Month

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tinymce
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2023-6524 MEDIUM POC This Month

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-21910 MEDIUM POC PATCH This Month

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tinymce
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.6%
CVE-2024-21908 MEDIUM POC PATCH This Month

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tinymce
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6621 MEDIUM POC This Month

The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Post Smtp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-50093 MEDIUM POC This Month

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Broadcom Code Injection Api Gateway Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-50092 MEDIUM POC This Month

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Broadcom Api Gateway Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-46308 CRITICAL PATCH Act Now

In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Plotly Js
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-50090 CRITICAL Act Now

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ureport2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50921 CRITICAL Act Now

An issue was discovered on GL.iNet devices through 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Gl Mt1300 Firmware Gl Mt300N V2 Firmware Gl Ar750S Firmware Gl Ar750 Firmware +8
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-52314 CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-52311 CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in _wget_download. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-52310 CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-49556 MEDIUM POC This Month

Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-39655 CRITICAL Act Now

A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Couchauth
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2023-49555 MEDIUM POC This Month

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-49554 MEDIUM POC This Month

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-49557 MEDIUM POC This Month

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-49558 MEDIUM POC This Month

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5880 HIGH This Week

When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java Aladdin Connect Garage Door Opener Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45722 HIGH This Week

HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dryice Myxalytics
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-6600 HIGH PATCH This Week

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Google
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-50343 HIGH This Week

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dryice Myxalytics
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2023-5881 HIGH This Week

Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aladdin Connect Garage Door Opener Firmware
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-45724 HIGH This Week

HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Dryice Myxalytics
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-52304 HIGH PATCH This Week

Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-52309 HIGH PATCH This Week

Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Information Disclosure Buffer Overflow Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-52307 HIGH PATCH This Week

Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-50351 HIGH This Week

HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dryice Myxalytics
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2023-50350 HIGH This Week

HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dryice Myxalytics
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2023-6338 HIGH This Week

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Universal Device Client
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-45723 HIGH This Week

HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Path Traversal Dryice Myxalytics
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-50341 HIGH This Week

HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dryice Myxalytics
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-21909 HIGH PATCH This Week

PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Cbor
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-51785 HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache InLong.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Apache Inlong
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-50342 HIGH This Week

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dryice Myxalytics
NVD
CVSS 3.1
7.1
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy