Skip to main content
CVE-2023-21716 CRITICAL POC PATCH THREAT Act Now

Microsoft Word Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Microsoft Office Office Long Term Servicing Channel +6
NVD
CVSS 3.1
9.8
EPSS
82.3%
CVE-2023-24161 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24160 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24159 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-21803 CRITICAL PATCH Act Now

Windows iSCSI Discovery Service Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 Windows 10 1607 +5
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-21692 CRITICAL PATCH Act Now

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
9.8
EPSS
21.2%
CVE-2023-21690 CRITICAL PATCH Act Now

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
9.8
EPSS
27.5%
CVE-2023-21689 CRITICAL PATCH Act Now

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
9.8
EPSS
26.5%
CVE-2023-24482 CRITICAL Act Now

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions <. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Comos
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25725 CRITICAL Act Now

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Authentication Bypass Haproxy Debian Linux
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2023-24530 CRITICAL Act Now

SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy