Skip to main content
CVE-2023-29300 CRITICAL POC KEV THREAT Emergency

Adobe ColdFusion 2023, 2021, and 2018 contain a Java deserialization vulnerability allowing unauthenticated remote code execution, part of a series of critical ColdFusion flaws actively exploited in 2023.

NVD
CVSS 3.1
9.8
EPSS
93.7%
Threat
9.8
CVE-2023-33668 CRITICAL POC Act Now

DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Digiexam
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-33274 CRITICAL POC Act Now

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Snmp Web Pro
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-26564 CRITICAL POC Act Now

The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ej2 Aspcore File Provider
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-26563 CRITICAL POC Act Now

The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Nodejs File System Provider
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-3643 CRITICAL POC THREAT Act Now

A vulnerability was found in Boss Mini 1.4.0 Build 6221. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Boss Mini Firmware
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
75.4%
CVE-2023-37629 CRITICAL POC THREAT Act Now

Online Piggery Management System 1.0 is vulnerable to File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Simple Online Piggery Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
23.3%
CVE-2023-37628 CRITICAL POC Act Now

Online Piggery Management System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Online Piggery Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37627 CRITICAL POC Act Now

Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Restaurant Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-37582 CRITICAL POC PATCH THREAT Act Now

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Rocketmq
NVD
CVSS 3.1
9.8
EPSS
90.4%
CVE-2023-3644 CRITICAL Act Now

A vulnerability was found in SourceCodester Service Provider Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Service Provider Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3595 CRITICAL Act Now

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Rockwell RCE 1756 En2F Series A Firmware +11
NVD
CVSS 3.1
9.8
EPSS
5.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy