Skip to main content
CVE-2023-34563 CRITICAL POC THREAT Act Now

netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear R6250 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.9%
CVE-2023-35885 CRITICAL POC THREAT Act Now

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudpanel
NVD GitHub
CVSS 3.1
9.8
EPSS
75.3%
CVE-2023-3340 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online School Fees System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34600 CRITICAL POC THREAT Act Now

Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Loganalyzer
NVD GitHub
CVSS 3.1
9.8
EPSS
23.7%
CVE-2023-34541 CRITICAL POC PATCH Act Now

Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33869 CRITICAL Act Now

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Envoy Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-3337 CRITICAL Act Now

A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Online Shopping System Advanced
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35854 CRITICAL Act Now

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Adselfservice Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
6.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy