Skip to main content
CVE-2023-30333 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload Perfreeblog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27217 CRITICAL POC Act Now

A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service F7C063 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-20189 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
11.1%
CVE-2023-20162 CRITICAL POC Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-20161 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
10.3%
CVE-2023-20160 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
10.3%
CVE-2023-20159 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
10.3%
CVE-2023-20158 CRITICAL POC Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-20157 CRITICAL POC Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-20156 CRITICAL POC Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29985 CRITICAL POC Act Now

Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Study Center Desk Management System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31729 CRITICAL Act Now

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection A3300R Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-30470 CRITICAL PATCH Act Now

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28753 CRITICAL PATCH Act Now

netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Netconsd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-28081 CRITICAL PATCH Act Now

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25933 CRITICAL PATCH Act Now

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23557 CRITICAL PATCH Act Now

An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23556 CRITICAL PATCH Act Now

An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2799 CRITICAL Act Now

A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Cnoa Oa
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-32680 CRITICAL PATCH Act Now

Metabase is an open source business analytics engine. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Metabase
NVD GitHub
CVSS 3.1
9.6
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy