Skip to main content
CVE-2023-33625 CRITICAL POC THREAT Emergency

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
33.2%
CVE-2023-33626 CRITICAL POC Act Now

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-34581 CRITICAL POC Act Now

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Service Provider Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-26133 CRITICAL POC PATCH Act Now

All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Progressbar Js
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-32674 CRITICAL Act Now

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Microsoft Pc Hardware Diagnostics
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-32673 CRITICAL PATCH Act Now

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure HP Microsoft Image Assistant Pc Hardware Diagnostics +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26295 CRITICAL Act Now

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-32220 CRITICAL Act Now

Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ncr Camera Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-27716 CRITICAL Act Now

An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kafkaui Lite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35042 CRITICAL PATCH Act Now

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Geoserver
NVD
CVSS 3.1
9.8
EPSS
43.2%
CVE-2023-35034 CRITICAL Act Now

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-34342 CRITICAL Act Now

AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Megarac Sp X
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-34335 CRITICAL Act Now

AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Megarac Spx
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-35036 CRITICAL Act Now

In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Moveit Transfer
NVD
CVSS 3.1
9.1
EPSS
12.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy