Skip to main content
CVE-2023-29824 CRITICAL POC PATCH Act Now

A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Scipy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-23902 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-22844 CRITICAL POC Act Now

An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Milesightvpn
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-22319 CRITICAL POC Act Now

A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Milesightvpn
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-36188 CRITICAL POC PATCH Act Now

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-30319 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS Chatengine
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2023-34192 CRITICAL POC KEV THREAT Act Now

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
9.0
EPSS
77.3%
CVE-2023-30321 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS Chatengine
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2023-30320 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS Chatengine
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2023-36460 CRITICAL PATCH Act Now

Mastodon is a free, open-source social network server based on ActivityPub. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Denial Of Service Mastodon
NVD GitHub
CVSS 3.1
9.9
EPSS
40.1%
CVE-2023-36859 CRITICAL Act Now

PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35987 CRITICAL Act Now

PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33868 CRITICAL Act Now

The number of login attempts is not limited. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3528 CRITICAL Act Now

A vulnerability was found in ThinuTech ThinuCMS 1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Thinu Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-29382 CRITICAL Act Now

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Collaboration
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29381 CRITICAL Act Now

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Collaboration
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37242 CRITICAL Act Now

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-37245 CRITICAL Act Now

Buffer overflow vulnerability in the modem pinctrl module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-37240 CRITICAL Act Now

Vulnerability of missing input length verification in the distributed file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy