Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2023-39191 HIGH PATCH This Week

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

RCE Linux Linux Kernel Fedora Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-43804 PyPI HIGH PATCH This Week

urllib3 is a user-friendly HTTP client library for Python. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Urllib3 Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-5345 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5344 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-44488 HIGH PATCH This Week

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libvpx Enterprise Linux Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-43655 PHP HIGH PATCH This Week

Composer is a dependency manager for PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Composer Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-5217 npm HIGH POC KEV PATCH THREAT This Week

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Google Libvpx Edge +9
NVD GitHub
CVSS 3.1
8.8
EPSS
49.0%
CVE-2023-5187 HIGH This Week

Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5186 HIGH This Week

Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-42756 MEDIUM POC PATCH This Month

A flaw was found in the Netfilter subsystem of the Linux kernel. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Denial Of Service Linux Linux Kernel Enterprise Linux +2
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-42822 MEDIUM PATCH This Month

xrdp is an open source remote desktop protocol server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Debian Xrdp Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5171 MEDIUM PATCH This Month

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +4
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-5169 MEDIUM PATCH This Month

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Mozilla Firefox Firefox Esr +3
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-5157 HIGH This Week

A vulnerability was found in MariaDB. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service MariaDB Fedora Enterprise Linux Enterprise Linux Eus +8
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-42453 PyPI MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Synapse Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-41335 PyPI LOW PATCH Monitor

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable.

Information Disclosure Synapse Fedora
NVD GitHub
CVSS 3.1
3.7
EPSS
0.4%
CVE-2023-41074 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +5
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-35074 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-4156 HIGH POC This Week

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gawk Enterprise Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-42811 Cargo MEDIUM POC PATCH This Month

aes-gcm is a pure Rust implementation of the AES-GCM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Aes Gcm Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-5002 PyPI HIGH PATCH This Week

A flaw was found in pgAdmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PostgreSQL Command Injection Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-43090 MEDIUM POC PATCH This Month

A vulnerability was found in GNOME Shell. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Gnome Shell Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4504 HIGH POC This Week

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Cups Libppd +2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2023-41993 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +11
NVD
CVSS 3.1
8.8
EPSS
29.2%
CVE-2023-43669 Cargo HIGH POC PATCH This Week

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tungstenite Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-4236 HIGH This Week

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Debian Linux H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-3341 HIGH PATCH This Week

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-4806 MEDIUM This Month

A flaw has been identified in glibc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Glibc Codeready Linux Builder Eus +20
NVD VulDB
CVSS 3.1
5.9
EPSS
1.9%
CVE-2023-4527 MEDIUM POC This Month

A flaw was found in glibc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Glibc Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian +24
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-43115 HIGH This Week

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ghostscript Fedora
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2023-38039 HIGH POC THREAT This Week

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora Windows 10 1809 Windows 10 21h2 +6
NVD
CVSS 3.1
7.5
EPSS
62.2%
CVE-2023-4155 MEDIUM PATCH This Month

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. Rated medium severity (CVSS 5.6).

Amd Denial Of Service Linux Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2023-3255 MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-4813 MEDIUM PATCH This Month

A flaw has been identified in glibc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Glibc Enterprise Linux +14
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2023-4909 MEDIUM This Month

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4908 MEDIUM This Month

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4907 MEDIUM This Month

Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4906 MEDIUM This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4905 MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4904 MEDIUM This Month

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4903 MEDIUM This Month

Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4902 MEDIUM This Month

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4901 MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4900 MEDIUM This Month

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4863 LIB HIGH POC KEV PATCH THREAT This Week

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Google Chrome Fedora +10
NVD GitHub
CVSS 3.1
8.8
EPSS
99.7%
CVE-2023-40032 MEDIUM PATCH This Month

libvips is a demand-driven, horizontally threaded image processing library. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Fedora Libvips
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41915 HIGH This Week

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Openpmix Fedora Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-39511 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-4762 HIGH KEV PATCH THREAT This Week

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Google Chrome Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
38.0%
CVE-2023-4761 HIGH This Week

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-39516 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39365 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cacti Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-39364 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Cacti Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-39362 HIGH POC THREAT This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Cacti Fedora
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
82.2%
CVE-2023-39358 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP SQLi Cacti +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-39357 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE SQLi Cacti Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-30534 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Cacti Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
2.6%
CVE-2023-39515 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39514 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-39513 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-39512 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39510 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39366 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2023-39361 CRITICAL POC THREAT Act Now

Cacti is an open source operational monitoring and fault management framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Cacti Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
87.7%
CVE-2023-39360 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-39359 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP SQLi Cacti +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-41909 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-4752 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1858. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-4750 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1857. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Vim Fedora +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-4733 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1840. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Vim Fedora +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-36328 CRITICAL PATCH Act Now

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service Libtommath Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-40569 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-40567 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-40188 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-40186 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Apache Buffer Overflow Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-40181 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2023-39356 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2023-39353 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-39352 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-39354 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-39351 HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-39350 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Apache Denial Of Service Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-40589 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Freerdp Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-20900 HIGH PATCH This Week

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure VMware Tools Open Vm Tools Fedora +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-4572 HIGH This Week

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38802 HIGH POC This Week

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Picos Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-41360 CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-41359 CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-41358 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-40587 PyPI MEDIUM PATCH This Month

Pyramid is an open source Python web framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Pyramid Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
EPSS 1% CVSS 8.2
HIGH PATCH This Week

An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

RCE Linux Linux Kernel +2
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

urllib3 is a user-friendly HTTP client library for Python. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Urllib3 +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libvpx Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Composer is a dependency manager for PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Composer +2
NVD GitHub
EPSS 49% CVSS 8.8
HIGH POC KEV PATCH THREAT This Week

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Google +11
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

A flaw was found in the Netfilter subsystem of the Linux kernel. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Denial Of Service Linux +4
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

xrdp is an open source remote desktop protocol server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Debian +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Mozilla Denial Of Service +6
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Mozilla +5
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was found in MariaDB. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service MariaDB Fedora +10
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Synapse Fedora
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable.

Information Disclosure Synapse Fedora
NVD GitHub
EPSS 4% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +6
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gawk +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

aes-gcm is a pure Rust implementation of the AES-GCM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Aes Gcm +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A flaw was found in pgAdmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PostgreSQL Command Injection Pgadmin 4 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A vulnerability was found in GNOME Shell. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Gnome Shell +1
NVD
EPSS 1% CVSS 7.0
HIGH POC This Week

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow +4
NVD GitHub
EPSS 29% CVSS 8.8
HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +13
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tungstenite Fedora
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora +6
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind +2
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

A flaw has been identified in glibc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +22
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A flaw was found in glibc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Glibc +26
NVD
EPSS 5% CVSS 8.8
HIGH This Week

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ghostscript Fedora
NVD
EPSS 62% CVSS 7.5
HIGH POC THREAT This Week

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora +8
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. Rated medium severity (CVSS 5.6).

Amd Denial Of Service Linux +3
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux +1
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

A flaw has been identified in glibc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +16
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 100% CVSS 8.8
HIGH POC KEV PATCH THREAT This Week

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Google +12
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

libvips is a demand-driven, horizontally threaded image processing library. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Fedora +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Openpmix +2
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti +1
NVD GitHub
EPSS 38% CVSS 8.8
HIGH KEV PATCH THREAT This Week

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Google +4
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google +3
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti +1
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cacti Fedora
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Cacti +1
NVD GitHub
EPSS 82% CVSS 7.2
HIGH POC THREAT This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection +2
NVD GitHub Exploit-DB
EPSS 2% CVSS 8.8
HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP +3
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE SQLi +2
NVD GitHub
EPSS 3% CVSS 4.3
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Cacti +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti +1
NVD GitHub
EPSS 88% CVSS 9.8
CRITICAL POC THREAT Act Now

Cacti is an open source operational monitoring and fault management framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi +2
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1858. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +4
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1857. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption +3
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1840. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption +3
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache +3
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Apache Buffer Overflow +3
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache +3
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache +3
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Apache +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apache +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Apache Denial Of Service +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Freerdp +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure VMware Tools +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Picos +2
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting +2
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Pyramid is an open source Python web framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Pyramid +1
NVD GitHub
Prev Page 5 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy