Skip to main content
CVE-2023-26864 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smplredirectionsmanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1177 CRITICAL POC PATCH THREAT Act Now

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
9.8
EPSS
69.5%
CVE-2022-45597 CRITICAL Act Now

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saml
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23149 CRITICAL Act Now

DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dek 1705 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28150 CRITICAL Act Now

An issue was discovered in Independentsoft JODF before 1.1.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jodf
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28151 CRITICAL Act Now

An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jspreadsheet
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-21058 CRITICAL Act Now

In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-21057 CRITICAL Act Now

In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-20954 CRITICAL PATCH Act Now

In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-20951 CRITICAL PATCH Act Now

In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-28152 CRITICAL Act Now

An issue was discovered in Independentsoft JWord before 1.1.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jword
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28445 CRITICAL PATCH Act Now

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Deno Deno Runtime Serde V8
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy