Skip to main content
CVE-2023-29736 CRITICAL POC Act Now

Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Google Keyboard Themes
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-33963 CRITICAL POC Act Now

DataEase is an open source data visualization and analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-33778 CRITICAL POC Act Now

Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Myvigor Vigorswitch Pq2200Xb Firmware Vigorswitch Pq2121X Firmware Vigorswitch P2540Xs Firmware +68
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-29722 CRITICAL POC Act Now

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Glitter Unicorn Wallpaper
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-32713 CRITICAL Act Now

In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Splunk Splunk App For Stream
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-3028 CRITICAL Act Now

Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hqt401 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-24584 CRITICAL Act Now

Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Controller 6000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-23952 CRITICAL Act Now

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Advanced Secure Gateway Content Analysis
NVD
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy