Skip to main content
CVE-2024-21887 CRITICAL POC KEV THREAT Emergency

Ivanti Connect Secure and Policy Secure contain an authenticated command injection in web components allowing administrators to execute arbitrary commands, chained with CVE-2023-46805 for unauthenticated RCE.

NVD
CVSS 3.1
9.1
EPSS
94.4%
Threat
9.7
CVE-2023-46805 HIGH POC KEV THREAT Act Now

Ivanti Connect Secure and Policy Secure contain an authentication bypass in the web component allowing unauthenticated access to restricted resources, chained with CVE-2024-21887 for unauthenticated RCE in massive exploitation campaigns starting January 2024.

NVD
CVSS 3.1
8.2
EPSS
94.4%
Threat
9.5
CVE-2023-7028 CRITICAL POC KEV THREAT Emergency

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Gitlab Information Disclosure
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
93.5%
Threat
7.8
CVE-2023-50919 CRITICAL POC THREAT Emergency

An issue was discovered on GL.iNet devices before version 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.3%.

Authentication Bypass Nginx Gl Ax1800 Firmware Gl Axt1800 Firmware Gl Mt3000 Firmware +9
NVD GitHub
CVSS 3.1
9.8
EPSS
52.3%
Threat
5.0
CVE-2023-52026 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-51698 CRITICAL POC PATCH Act Now

Atril is a simple multi-page document viewer. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Atril
NVD GitHub
CVSS 3.1
9.6
EPSS
2.3%
CVE-2023-30016 CRITICAL POC Act Now

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30015 CRITICAL POC Act Now

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-30014 CRITICAL POC Act Now

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-37117 CRITICAL POC Act Now

A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Live555
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-48909 HIGH POC This Week

An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jave2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-51949 HIGH POC This Week

Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Verydows
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-49569 CRITICAL PATCH Act Now

A path traversal vulnerability was discovered in go-git versions prior to v5.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Go Git
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2023-52339 MEDIUM POC PATCH This Month

In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libebml
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-51978 MEDIUM POC This Month

In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Art Gallery Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51790 MEDIUM POC This Month

Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piwigo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-48620 CRITICAL PATCH Act Now

uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libeuv
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-49253 CRITICAL Act Now

Root user password is hardcoded into the device and cannot be changed in the user interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass H8951 4G Esp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49255 CRITICAL Act Now

The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass H8951 4G Esp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2016-20021 CRITICAL PATCH Act Now

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Portage
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-49262 CRITICAL Act Now

The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow H8951 4G Esp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-40362 MEDIUM POC This Month

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Click2Gov Building Permit
NVD GitHub
CVSS 3.1
4.3
EPSS
6.1%
CVE-2022-4961 MEDIUM POC This Month

A vulnerability was found in Weitong Mall 1.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Wetong Mall
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-50920 MEDIUM POC This Month

An issue was discovered on GL.iNet devices before version 4.5.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Session Fixation Gl Ax1800 Firmware Gl Axt1800 Firmware Gl Mt3000 Firmware +9
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-51806 MEDIUM POC This Month

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ujcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-31030 CRITICAL Act Now

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Information Disclosure Nvidia +2
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2023-31029 CRITICAL Act Now

NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Information Disclosure Nvidia +2
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2023-31024 CRITICAL Act Now

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Information Disclosure Nvidia +2
NVD
CVSS 3.1
9.0
EPSS
0.4%
CVE-2023-31211 HIGH PATCH This Week

Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Checkmk
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-49254 HIGH This Week

Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection H8951 4G Esp Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-6735 HIGH PATCH This Week

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Privilege Escalation Code Injection Checkmk
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-40250 HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers.0.0.893. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Hcell Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-49257 HIGH This Week

An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure H8951 4G Esp Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-49647 HIGH This Week

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit Video Software Development Kit Zoom +2
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-6740 HIGH PATCH This Week

Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Privilege Escalation Checkmk
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-48297 HIGH This Week

Discourse is a platform for community discussion. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2022-4962 MEDIUM POC This Month

A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apollo
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-6040 HIGH PATCH This Week

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-48166 HIGH This Week

A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Openscape Voice
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-4812 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2023-31036 HIGH POC This Week

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Microsoft Information Disclosure Nvidia Path Traversal +3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-34061 HIGH This Week

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cloud Foundry Deployment Cloud Foundry Routing Release
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-49568 HIGH PATCH This Week

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Go Git
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-49261 HIGH This Week

The "tokenKey" value used in user authorization is visible in the HTML source of the login page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure H8951 4G Esp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-49256 HIGH This Week

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure H8951 4G Esp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-4960 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Favorites Web
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.1%
CVE-2023-49259 HIGH This Week

The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure H8951 4G Esp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-31032 HIGH This Week

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. Rated high severity (CVSS 7.5). No vendor patch available.

Nvidia Denial Of Service Dgx A100 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-31035 HIGH This Week

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Nvidia RCE Denial Of Service Dgx A100 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-42463 HIGH This Week

Wazuh is a free and open source platform used for threat prevention, detection, and response. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Stack Overflow Privilege Escalation Buffer Overflow Wazuh
NVD GitHub
CVSS 3.1
7.4
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy