Skip to main content
CVE-2023-3519 CRITICAL POC KEV EUVD KEV THREAT Emergency

Citrix NetScaler ADC and Gateway contain an unauthenticated remote code execution vulnerability exploited massively in summer 2023, with thousands of appliances compromised before patches were applied.

NVD
CVSS 3.1
9.8
EPSS
93.8%
Threat
9.8
CVE-2023-3765 CRITICAL POC PATCH THREAT Act Now

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
10.0
EPSS
70.7%
CVE-2023-3722 CRITICAL POC Act Now

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file.1.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Command Injection Aura Device Services
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-3759 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Smartgard Silver With Matrix Keyboard
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3638 CRITICAL Act Now

In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gv Adr2701 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34034 CRITICAL PATCH Act Now

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Security
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2023-3463 CRITICAL Act Now

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Cimplicity
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-3751 CRITICAL Act Now

A vulnerability was found in Super Store Finder 3.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Super Store Finder
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy