Skip to main content
CVE-2023-26068 CRITICAL POC THREAT Emergency

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware Mxtpm Firmware +22
NVD GitHub
CVSS 3.1
9.8
EPSS
11.6%
CVE-2023-27076 CRITICAL POC THREAT Act Now

Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Tenda G103 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
22.9%
CVE-2023-27650 CRITICAL POC Act Now

An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Launcher
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-1969 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1478 CRITICAL POC Act Now

The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Hummingbird
NVD WPScan
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27178 CRITICAL Act Now

An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gdidees Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-26070 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware Mxtpm Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26069 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware Mxtpm Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26066 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware Mxtpm Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26065 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 have an Integer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Cxtpc Firmware Cstpc Firmware Mxtct Firmware +23
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26064 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Cxtpc Firmware Cstpc Firmware Mxtct Firmware +23
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26063 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware +23
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29375 CRITICAL Act Now

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Sitefinity
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29216 CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization Linkis
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-29215 CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization Linkis
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-27603 CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Linkis
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-27602 CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Linkis
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-27987 CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Linkis
NVD
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy