Skip to main content
CVE-2023-2583 CRITICAL POC PATCH Act Now

Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Jsreport
NVD GitHub
CVSS 3.1
10.0
EPSS
1.1%
CVE-2023-30092 CRITICAL POC Act Now

SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Pizza Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29696 CRITICAL POC Act Now

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gr 1200W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29693 CRITICAL POC Act Now

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gr 1200W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1650 CRITICAL POC THREAT Act Now

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Wpbot
NVD WPScan
CVSS 3.1
9.8
EPSS
34.4%
CVE-2023-30018 CRITICAL POC Act Now

Judging Management System v1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29944 CRITICAL POC Act Now

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Metersphere
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-30185 CRITICAL Act Now

CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Crmeb
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-31182 CRITICAL Act Now

EasyTor Applications - Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easytor
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-31129 CRITICAL PATCH Act Now

The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-24507 CRITICAL Act Now

AgilePoint NX v8.0 SU2.2 & SU2.3 - Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Agilepoint Nx
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28201 CRITICAL Act Now

This issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition RCE Apple Safari Ipados +2
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-27953 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple macOS
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-23526 CRITICAL Act Now

This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-22786 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22785 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22784 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22783 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22782 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22781 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22780 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-22779 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-25754 CRITICAL PATCH Act Now

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-31039 CRITICAL PATCH Act Now

Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Brpc
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-31178 CRITICAL Act Now

AgilePoint NX v8.0 SU2.2 & SU2.3 - Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Agilepoint Nx
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-31123 CRITICAL PATCH Act Now

`effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Tripreporter
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-27958 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple macOS
NVD
CVSS 3.1
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy