Skip to main content
CVE-2023-26122 CRITICAL POC Act Now

All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Safe Eval
NVD GitHub
CVSS 3.1
10.0
EPSS
2.1%
CVE-2023-26121 CRITICAL POC Act Now

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Safe Eval
NVD GitHub
CVSS 3.1
10.0
EPSS
1.1%
CVE-2023-21554 CRITICAL POC PATCH THREAT Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Windows 10 1607 Windows 10 1809 Windows 10 20H2 +9
NVD GitHub
CVSS 3.1
9.8
EPSS
95.5%
CVE-2023-1984 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Complaint Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complaint Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1983 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales Tracker Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27192 CRITICAL POC Act Now

An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Super Security
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-27645 CRITICAL POC Act Now

An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Poweramp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-28808 CRITICAL Act Now

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision Authentication Bypass Ds A71024 Firmware Ds A71048 Firmware Ds A71072R Firmware +7
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28250 CRITICAL PATCH Act Now

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-28489 CRITICAL Act Now

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cp 8031 Firmware Cp 8050 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-29492 CRITICAL KEV THREAT Act Now

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Novi Survey
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-28765 CRITICAL Act Now

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
9.8
EPSS
14.9%
CVE-2023-27497 CRITICAL Act Now

Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Microsoft Authentication Bypass Diagnostics Agent
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-0645 CRITICAL PATCH Act Now

An out of bounds read exists in libjxl. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libjxl
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy