Skip to main content
CVE-2023-28324 CRITICAL POC THREAT Emergency

A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
12.9%
CVE-2023-26136 CRITICAL POC PATCH Act Now

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Tough Cookie
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-28323 CRITICAL Act Now

A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-22814 CRITICAL Act Now

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack.26.202. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass My Cloud Os
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28365 CRITICAL Act Now

A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ubiquiti Command Injection Unifi Network Application
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-31997 CRITICAL Act Now

UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Os
NVD
CVSS 3.1
9.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy