Skip to main content
CVE-2023-36355 CRITICAL POC THREAT Act Now

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940n Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.9
EPSS
31.7%
CVE-2023-32571 CRITICAL POC PATCH THREAT Act Now

Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Linq
NVD GitHub
CVSS 3.1
9.8
EPSS
34.9%
CVE-2023-36097 CRITICAL POC Act Now

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34939 CRITICAL POC Act Now

Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Onlyoffice
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2023-29711 CRITICAL POC THREAT Act Now

An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Psg 5124 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
70.3%
CVE-2023-34601 CRITICAL POC Act Now

Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeesite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29931 CRITICAL POC PATCH Act Now

laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure PHP Laravels
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2989 CRITICAL POC Act Now

Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Eft Server
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-35926 CRITICAL PATCH Act Now

Backstage is an open platform for building developer portals. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Backstage
NVD GitHub
CVSS 3.1
9.9
EPSS
1.9%
CVE-2023-3128 CRITICAL PATCH Act Now

Grafana is validating Azure AD accounts based on the email claim. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Microsoft Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2023-28094 CRITICAL Act Now

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3326 CRITICAL Act Now

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2611 CRITICAL Act Now

Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass R Seenet
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35174 CRITICAL PATCH Act Now

Livebook is a web application for writing interactive and collaborative code notebooks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Microsoft Livebook
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-20895 CRITICAL PATCH Act Now

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow VMware Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-20894 CRITICAL PATCH Act Now

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow VMware Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
33.9%
CVE-2023-20893 CRITICAL PATCH Act Now

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free VMware RCE Memory Corruption Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-20892 CRITICAL PATCH Act Now

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE VMware Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy