Skip to main content
CVE-2023-28110 CRITICAL POC PATCH Act Now

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Command Injection Jumpserver Koko
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-27041 CRITICAL POC Act Now

School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at/bilal final/edit_user.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Registration And Fee System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27040 CRITICAL POC Act Now

Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Simple Image Gallery Web App
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-27250 CRITICAL POC Act Now

Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Book Store Project
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25280 CRITICAL POC KEV THREAT Act Now

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
98.1%
CVE-2023-21459 CRITICAL Act Now

Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-0598 CRITICAL Act Now

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Ifix
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1256 CRITICAL Act Now

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aveva Plant Scada Telemetry Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26784 CRITICAL Act Now

SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP SQLi Kirin Fortress Machine
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24795 CRITICAL Act Now

Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Jhr N916R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-23150 CRITICAL Act Now

SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sa Wr915Nd Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-21455 CRITICAL Act Now

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Exynos Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-0811 CRITICAL Act Now

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sysmac Cj2H Cpu64 Firmware Sysmac Cj2H Cpu64 Eip Firmware Sysmac Cj2H Cpu65 Firmware Sysmac Cj2H Cpu65 Eip Firmware +124
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy