Skip to main content
CVE-2023-2868 CRITICAL POC KEV THREAT Emergency

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Barracuda Command Injection Email Security Gateway 300 Firmware Email Security Gateway 400 Firmware Email Security Gateway 600 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
87.0%
CVE-2023-33246 CRITICAL POC KEV PATCH THREAT Act Now

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Rocketmq
NVD GitHub
CVSS 3.1
9.8
EPSS
96.6%
CVE-2023-29721 CRITICAL POC Act Now

SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sofawiki
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2865 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Theme Park Ticketing System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33796 CRITICAL POC Act Now

A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netbox
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-2064 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection.05.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Etrace
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2045 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Software Auto Damage Tracking Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2750 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi E Municipality
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-31458 CRITICAL Act Now

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31457 CRITICAL Act Now

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-1174 CRITICAL Act Now

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Docker Minikube
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33010 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel Atp100 Firmware Atp200 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
28.8%
CVE-2023-33009 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel Atp100 Firmware Atp200 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
28.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy