Skip to main content
CVE-2023-51252 MEDIUM POC This Month

PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Publiccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-50172 MEDIUM POC This Month

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Avideo
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-41060 HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-48253 HIGH This Week

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-48252 HIGH This Week

The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-26627 MEDIUM POC This Month

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hospital Management System
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2023-42833 HIGH This Week

A correctness issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection Safari Ipados +3
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-26630 MEDIUM POC This Month

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hospital Management System
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2023-42866 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-44250 HIGH This Week

An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Privilege Escalation Fortiproxy Fortios
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-48251 HIGH This Week

The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2022-45794 HIGH This Week

An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sysmac Cj2H Cpu64 Eip Firmware Sysmac Cj2H Cpu64 Firmware Sysmac Cj2H Cpu65 Eip Firmware Sysmac Cj2H Cpu65 Firmware +37
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-48730 HIGH This Week

A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Avideo
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2023-51127 HIGH This Week

FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Flir Ax8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2023-48243 HIGH This Week

The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Nexo Os
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2023-48266 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48265 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48264 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48263 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Heap Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48262 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-49715 MEDIUM POC This Month

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Avideo
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-48250 HIGH This Week

The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-48257 HIGH This Week

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Nexo Os
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-32383 HIGH This Week

This issue was addressed by forcing hardened runtime on the affected binaries at the system level. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41075 HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-47915 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42870 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Apple Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32378 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42828 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42871 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42933 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-47965 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-46721 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32401 HIGH This Week

A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Microsoft macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32366 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42826 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-29445 HIGH This Week

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-49427 HIGH This Week

Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-40393 HIGH This Week

An authentication issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS iOS
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-42869 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-46712 HIGH This Week

A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiportal
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2023-42876 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-32436 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple macOS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-38610 HIGH This Week

A memory corruption issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-42832 HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure macOS
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-49295 MEDIUM PATCH This Month

quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Quic Go
NVD GitHub
CVSS 3.1
6.4
EPSS
1.8%
CVE-2023-37932 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortivoice
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-48245 MEDIUM This Month

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-5455 MEDIUM This Month

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.

CSRF Enterprise Linux For Power Little Endian Eus Enterprise Linux For Power Big Endian Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux For Arm 64 Eus +17
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-48246 MEDIUM This Month

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nexo Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy