Skip to main content
CVE-2023-24212 CRITICAL POC Act Now

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-24205 CRITICAL POC Act Now

Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Clash
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-26326 CRITICAL POC Act Now

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Buddyforms
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-24104 CRITICAL POC Act Now

Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Authentication Bypass Unifi Dream Machine Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23914 CRITICAL POC Act Now

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap H300s Firmware +4
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-2504 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection.8.432. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sdd Baro
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-0939 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Services
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-25823 CRITICAL PATCH Act Now

Gradio is an open-source Python library to build machine learning and data science demos and web applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Gradio
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-0755 CRITICAL Act Now

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Digital Industrial Gateway Server Kepware Server Kepware Serverex Thingworx Net Sdk +5
NVD
CVSS 3.1
9.8
EPSS
11.8%
CVE-2023-0754 CRITICAL Act Now

The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Digital Industrial Gateway Server Kepware Server Kepware Serverex +6
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2023-0986 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sales Tracker Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0982 CRITICAL Act Now

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Yoga Class Registration System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0981 CRITICAL Act Now

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Yoga Class Registration System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0980 CRITICAL Act Now

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as critical.php of the component Status Update Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Yoga Class Registration System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy