Skip to main content
CVE-2023-33592 CRITICAL POC Act Now

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lost And Found Information System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-26134 CRITICAL POC PATCH Act Now

Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Commit Info
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-36475 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Node.js RCE Prototype Pollution Parse Server
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-3243 CRITICAL Act Now

** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alerton Bcm Web Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32224 CRITICAL Act Now

D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure D-Link Dsl 224 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-32222 CRITICAL Act Now

D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dsl G256Dg Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-21517 CRITICAL Act Now

Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Samsung Exynos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-21066 CRITICAL Act Now

In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-27866 CRITICAL PATCH Act Now

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM Informix Jdbc Driver
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32623 CRITICAL Act Now

Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Snow Monkey Forms
NVD
CVSS 3.1
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy