Skip to main content
CVE-2023-27350 CRITICAL POC KEV THREAT Emergency

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Papercut Mf Papercut Ng
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-20864 CRITICAL POC THREAT Act Now

VMware Aria Operations for Logs contains a deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE VMware Deserialization Aria Operations For Logs Cloud Foundation
NVD
CVSS 3.1
9.8
EPSS
70.4%
CVE-2023-30076 CRITICAL POC Act Now

Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29528 CRITICAL POC PATCH Act Now

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Commons
NVD GitHub
CVSS 3.1
9.0
EPSS
1.3%
CVE-2023-2131 CRITICAL Act Now

Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Me Rtu Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-20873 CRITICAL PATCH Act Now

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Boot
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-29926 CRITICAL Act Now

PowerJob V4.3.2 has unauthorized interface that causes remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Powerjob
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-2193 CRITICAL Act Now

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy