Skip to main content
CVE-2023-2595 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Establishment Billing Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27407 CRITICAL Act Now

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Siemens Scalance Lpe9403 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.3%
CVE-2023-28316 CRITICAL Act Now

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Rocket Chat
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20520 CRITICAL Act Now

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Epyc 72F3 Firmware Epyc 7313 Firmware +61
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24943 CRITICAL PATCH Act Now

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +12
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2023-24941 CRITICAL PATCH Act Now

Windows Network File System Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
9.8
EPSS
94.7%
CVE-2023-31143 CRITICAL PATCH Act Now

mage-ai is an open-source data pipeline tool for transforming and integrating data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Mage Ai
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29461 CRITICAL Act Now

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29460 CRITICAL Act Now

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2594 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Food Ordering Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-31126 CRITICAL PATCH Act Now

`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.6
EPSS
0.8%
CVE-2023-32113 CRITICAL Act Now

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Microsoft Gui For Windows
NVD
CVSS 3.1
9.3
EPSS
0.5%
CVE-2023-30744 CRITICAL Act Now

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-32071 CRITICAL PATCH Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
71.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy