Skip to main content
CVE-2023-30547 CRITICAL POC PATCH THREAT Act Now

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Vm2
NVD GitHub
CVSS 3.1
10.0
EPSS
72.1%
CVE-2023-2130 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Purchase Order Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2023-29665 CRITICAL POC Act Now

D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow via the NewPassword parameters in SetPasswdSettings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-22946 CRITICAL PATCH Act Now

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Spark
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2023-1873 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection.04.05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Bircard
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-1723 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.S.2343. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mobile Assistant
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-28962 CRITICAL Act Now

An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper PHP Authentication Bypass Junos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-24501 CRITICAL Act Now

Electra Central AC unit - Hardcoded Credentials in unspecified code used by the unit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Central Ac Unit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-30769 CRITICAL Act Now

Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dogecoin
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27844 CRITICAL PATCH Act Now

SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Leurlrewrite
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30771 CRITICAL Act Now

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.13.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Iotdb Web Workbench
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-30770 CRITICAL Act Now

A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Adm
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-24831 CRITICAL PATCH Act Now

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.13.0 through 0.13.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Apache Authentication Bypass Iotdb
NVD
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy