Skip to main content
CVE-2023-27524 CRITICAL POC KEV PATCH THREAT Act Now

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Superset
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.4%
CVE-2023-1020 CRITICAL POC Act Now

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Live Chat Shoutbox
NVD WPScan
CVSS 3.1
9.8
EPSS
5.0%
CVE-2023-29566 CRITICAL POC PATCH Act Now

huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Dawnsparks Node Tesseract Huedawn Tesseract
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-27849 CRITICAL POC Act Now

rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Rails Routes To Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-27848 CRITICAL POC Act Now

broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Broccoli Compass
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-26865 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bdroppy
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-31060 CRITICAL POC Act Now

Repetier Server through 1.4.10 executes as SYSTEM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Repetier Server
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-30613 CRITICAL POC PATCH Act Now

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2023-24823 CRITICAL PATCH Act Now

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Denial Of Service Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30378 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30376 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30375 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30373 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30372 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30371 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30370 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24819 CRITICAL PATCH Act Now

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30369 CRITICAL Act Now

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30368 CRITICAL Act Now

Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac5 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25133 CRITICAL Act Now

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Microsoft Powerpanel
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25132 CRITICAL Act Now

Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Apple Microsoft Powerpanel
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25131 CRITICAL Act Now

Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Powerpanel
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-22581 CRITICAL Act Now

White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure White Rabbit Switch Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28131 CRITICAL PATCH Act Now

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Expo Software Development Kit
NVD
CVSS 3.1
9.6
EPSS
23.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy