Skip to main content
CVE-2023-29017 CRITICAL POC PATCH THREAT Act Now

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Vm2
NVD GitHub
CVSS 3.1
9.8
EPSS
63.2%
CVE-2023-1908 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Mobile Comparison Website
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29475 CRITICAL Act Now

inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Unify Openscape 4000 Manager
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29474 CRITICAL Act Now

inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Unify Openscape 4000 Manager
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29473 CRITICAL Act Now

webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Unify Openscape 4000 Manager
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28500 CRITICAL Act Now

A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Adobe Deserialization Livecycle Es4
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-0580 CRITICAL Act Now

Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure My Control System
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-24538 CRITICAL PATCH Act Now

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Google Go
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-0750 CRITICAL Act Now

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yellobrik Pec 1864 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy