Skip to main content
CVE-2023-31689 CRITICAL POC THREAT Act Now

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Wcms
NVD GitHub
CVSS 3.1
9.8
EPSS
20.2%
CVE-2023-2840 CRITICAL POC PATCH Act Now

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33294 CRITICAL POC Act Now

An issue was discovered in KaiOS 3.0 before 3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Kaios
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2838 CRITICAL POC PATCH Act Now

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-31241 CRITICAL Act Now

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orvc
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-2504 CRITICAL Act Now

Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A300 Firmware Mini Firmware 4K Quad Firmware Studio R3 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-31240 CRITICAL Act Now

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-28386 CRITICAL Act Now

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Orvc
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-31098 CRITICAL PATCH Act Now

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Brute Force Inlong
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-31062 CRITICAL PATCH Act Now

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apache Inlong
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-2586 CRITICAL Act Now

Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Remote Management System
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32347 CRITICAL Act Now

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Remote Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33236 CRITICAL PATCH Act Now

MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Mxsecurity
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32336 CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization IBM Infosphere Information Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-31066 CRITICAL PATCH Act Now

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apache Information Disclosure Inlong
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2023-31065 CRITICAL PATCH Act Now

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-2597 CRITICAL PATCH Act Now

In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Openj9
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy