Skip to main content
CVE-2023-35856 CRITICAL POC Act Now

A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Mario Kart Wii
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-35855 CRITICAL POC Act Now

A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Counter Strike
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-35839 CRITICAL POC PATCH Act Now

A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Solon
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2907 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.7.1.7 ; Login:1.4 ; API:20230605. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Marksoft
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-34159 CRITICAL Act Now

Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-31411 CRITICAL Act Now

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sick Eventcam App
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27992 CRITICAL KEV PATCH THREAT Act Now

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nas326 Firmware Nas540 Firmware Nas542 Firmware
NVD
CVSS 3.1
9.8
EPSS
84.2%
CVE-2023-34417 CRITICAL Act Now

Memory safety bugs present in Firefox 113. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34416 CRITICAL Act Now

Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29542 CRITICAL Act Now

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25736 CRITICAL Act Now

An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32216 CRITICAL Act Now

Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29531 CRITICAL Act Now

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Apple Firefox +2
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27396 CRITICAL Act Now

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cs1W Eip21 Firmware Cs1W Spu01 V2 Firmware Cs1W Spu02 V2 Firmware Cs1W Etn21 Firmware +267
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-35857 CRITICAL Act Now

In Siren Investigate before 13.2.2, session keys remain active even after logging out. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Investigate
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-35853 CRITICAL PATCH Act Now

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Suricata
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29158 CRITICAL Act Now

SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powersystem Center
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-29534 CRITICAL Act Now

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Focus
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy