Skip to main content
CVE-2023-28343 CRITICAL POC THREAT Act Now

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Energy Communication Unit Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
85.3%
CVE-2023-1394 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Graduate Tracer System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1392 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1327 CRITICAL Act Now

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Rax30 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26511 CRITICAL Act Now

A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Machineselector
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23415 CRITICAL PATCH Act Now

Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2023-23397 CRITICAL KEV PATCH THREAT Act Now

Microsoft Outlook Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
9.8
EPSS
97.4%
CVE-2023-23392 CRITICAL PATCH Act Now

HTTP Protocol Stack Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Windows 11 21H2 Windows 11 22h2 +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-21708 CRITICAL PATCH Act Now

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-27074 CRITICAL Act Now

BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Bp Monitoring Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1391 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27501 CRITICAL Act Now

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver Application Server Abap
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2023-27269 CRITICAL Act Now

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver Application Server Abap
NVD
CVSS 3.1
9.6
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy