Skip to main content
CVE-2023-24189 CRITICAL POC Act Now

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XXE Urule
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-33224 CRITICAL Act Now

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Umbraco Forms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-4105 CRITICAL Act Now

Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.24.0.R.20180630 before 5.24.0.R.20210727. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coslat Bx5S1D3 Firmware Coslat Bx5S1D4 Firmware Coslat Bx5S1D5 Firmware Coslat Rm1Ds1000 Firmware +4
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-25696 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in the Apache Airflow Hive Provider.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Apache Hive
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-25693 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Apache Sqoop
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-25691 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in the Apache Airflow Google Provider.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Google Apache Airflow Providers Google
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-26468 CRITICAL PATCH Act Now

Cerebrate 1.12 does not properly consider organisation_id during creation of API keys. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cerebrate
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy