Skip to main content
CVE-2023-30328 CRITICAL POC Act Now

An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Shimo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2523 CRITICAL POC THREAT Act Now

A vulnerability was found in Weaver E-Office 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft E Office
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
32.9%
CVE-2023-30203 CRITICAL POC Act Now

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29827 CRITICAL POC Act Now

ejs v3.1.9 is vulnerable to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ejs
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2023-30331 CRITICAL POC Act Now

An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Beetl
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-30077 CRITICAL POC Act Now

Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23059 CRITICAL Act Now

An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft RCE Gv Edge Recording Manager
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-22651 CRITICAL PATCH Act Now

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Rancher
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-21504 CRITICAL Act Now

Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-21503 CRITICAL Act Now

Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-21494 CRITICAL Act Now

Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-30268 CRITICAL Act Now

CLTPHP <=6.0 is vulnerable to Improper Input Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cltphp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30264 CRITICAL Act Now

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Cltphp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20126 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Authentication Bypass Spa112 Firmware
NVD
CVSS 3.1
9.8
EPSS
38.1%
CVE-2023-2524 CRITICAL Act Now

A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rhid
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-2520 CRITICAL Act Now

A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical.cgi?action=Command of the component Ping Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Caton Prime
NVD VulDB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2023-2519 CRITICAL Act Now

A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ctp Relay Server
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy