Skip to main content
CVE-2023-27488 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26921 CRITICAL POC Act Now

OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ag550Qcn Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-26750 CRITICAL POC Act Now

SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Yii
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-1827 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Centralized Covid Vaccination Records System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1671 CRITICAL POC KEV THREAT Act Now

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Sophos Web Appliance
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-1826 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Computer And Laptop Store
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
4.4%
CVE-2023-27493 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-27491 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-27487 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2021-28235 CRITICAL Act Now

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Etcd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-29312 CRITICAL Act Now

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Zend Framework
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-1728 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.04.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Command Injection Learning Management Systems
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-1748 CRITICAL Act Now

The listed versions of Nexx Smart Home devices use hard-coded credentials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-28613 CRITICAL Act Now

An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Exynos 1280 Firmware Exynos 2200 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-26866 CRITICAL Act Now

GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wr 1200 Firmware Ot 235 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy