Skip to main content
CVE-2023-31470 CRITICAL POC PATCH Act Now

SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Smartdns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-26813 CRITICAL POC Act Now

SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Wangmarket
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-26781 CRITICAL POC Act Now

SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mccms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-2371 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2370 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2369 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2368 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2367 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2366 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2365 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2363 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Resort Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27973 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE HP Buffer Overflow Laserjet Pro M304 M305 W1A46A Firmware +37
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-27972 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE HP Buffer Overflow Laserjet Pro M304 M305 W1A46A Firmware Laserjet Pro M304 M305 W1A47A Firmware +36
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-30856 CRITICAL Act Now

eDEX-UI is a science fiction terminal emulator. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edex Ui
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-27971 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow Laserjet Pro M304 M305 W1A46A Firmware Laserjet Pro M304 M305 W1A47A Firmware Laserjet Pro M304 M305 W1A48A Firmware +35
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1966 CRITICAL Act Now

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Iscan Firmware Iseq 100 Firmware Miniseq Firmware +8
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0834 CRITICAL Act Now

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.12 before 8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Workforce Access
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-30467 CRITICAL Act Now

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Authentication Bypass Ms N5008 Uc Firmware Ms N1008 Unc Firmware Ms N1008 Uc Firmware +18
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-30466 CRITICAL Act Now

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Ms N5008 Uc Firmware Ms N1008 Unc Firmware Ms N1008 Uc Firmware Ms N1004 Uc Firmware +17
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy