Skip to main content
CVE-2023-3626 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706.ashx of the component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3625 CRITICAL POC Act Now

A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3623 CRITICAL POC Act Now

A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mountain Flood Disaster Prevention Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3617 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Best POS Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Pos Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37659 CRITICAL POC PATCH Act Now

xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Xalpha
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-37656 CRITICAL POC Act Now

WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Websiteguide
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-34561 CRITICAL POC Act Now

A buffer overflow in the level parsing code of RobTop Games AB Geometry Dash v2.113 allows attackers to execute arbitrary code via entering a Geometry Dash level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Geometry Dash
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-29131 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Simatic Cn 4100 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2023-29130 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Authentication Bypass Simatic Cn 4100 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2023-37271 CRITICAL PATCH Act Now

RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

RCE Python Restrictedpython
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-3127 CRITICAL Act Now

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Istar Ultra Firmware Istar Ultra Lt Firmware Istar Ultra G2 Firmware Edge G2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-36825 CRITICAL PATCH Act Now

Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Deserialization Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-35367 CRITICAL PATCH Act Now

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-35366 CRITICAL PATCH Act Now

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-35365 CRITICAL PATCH Act Now

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-33154 CRITICAL PATCH Act Now

Windows Partition Management Driver Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-32057 CRITICAL PATCH Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-32056 CRITICAL PATCH Act Now

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-3624 CRITICAL Act Now

A vulnerability classified as critical has been found in Nesote Inout Blockchain FiatExchanger 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Inout Blockchain Fiatexchanger
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-28001 CRITICAL Act Now

An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-26861 CRITICAL PATCH Act Now

SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Viva Wallet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-3619 CRITICAL Act Now

A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical.php?f=save_service of the component HTTP POST Request Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Ac Repair And Services System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-33150 CRITICAL PATCH Act Now

Microsoft Office Security Feature Bypass Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2023-2746 CRITICAL Act Now

The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell XSS CSRF Information Disclosure Enhanced Him
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2023-35871 CRITICAL Act Now

The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85,. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure SAP Web Dispatcher
NVD
CVSS 3.1
9.4
EPSS
0.6%
CVE-2023-33987 CRITICAL Act Now

An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49,. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Request Smuggling Web Dispatcher
NVD
CVSS 3.1
9.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy