Skip to main content
CVE-2023-41974 HIGH POC KEV THREAT Act Now

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption RCE Use After Free Apple Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
Threat
4.6
CVE-2023-49471 HIGH POC THREAT Act Now

Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

SSRF RCE Bar Assistant
NVD GitHub
CVSS 3.1
8.8
EPSS
13.0%
CVE-2023-49589 HIGH POC This Week

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Avideo
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-49738 HIGH POC This Week

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Avideo
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-45139 HIGH POC PATCH This Week

fontTools is a library for manipulating fonts, written in Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python XXE Fonttools
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-48864 HIGH POC This Week

SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Semcms
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-49810 HIGH POC This Week

A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Avideo
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-50916 HIGH POC This Week

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Device Manager Windows
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2023-41056 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow RCE Redis Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
6.8%
CVE-2023-41060 HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-48253 HIGH This Week

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-48252 HIGH This Week

The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-42833 HIGH This Week

A correctness issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection Safari Ipados +3
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-42866 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-44250 HIGH This Week

An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Privilege Escalation Fortiproxy Fortios
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-48251 HIGH This Week

The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2022-45794 HIGH This Week

An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sysmac Cj2H Cpu64 Eip Firmware Sysmac Cj2H Cpu64 Firmware Sysmac Cj2H Cpu65 Eip Firmware Sysmac Cj2H Cpu65 Firmware +37
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-48730 HIGH This Week

A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Avideo
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2023-51127 HIGH This Week

FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Flir Ax8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2023-48243 HIGH This Week

The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Nexo Os
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2023-48266 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48265 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48264 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48263 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Heap Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48262 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48250 HIGH This Week

The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-48257 HIGH This Week

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Nexo Os
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-32383 HIGH This Week

This issue was addressed by forcing hardened runtime on the affected binaries at the system level. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41075 HIGH This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-47915 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42870 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Apple Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32378 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42828 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42871 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42933 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-47965 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-46721 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32401 HIGH This Week

A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Microsoft macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32366 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-42826 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-29445 HIGH This Week

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-49427 HIGH This Week

Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-40393 HIGH This Week

An authentication issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS iOS
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-42869 HIGH This Week

Multiple memory corruption issues were addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-46712 HIGH This Week

A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiportal
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2023-42876 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-32436 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple macOS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-38610 HIGH This Week

A memory corruption issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple Ipados Iphone Os +2
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-42832 HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure macOS
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-21643 HIGH PATCH This Month

IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft RCE Code Injection Identitymodel Extensions
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy