Skip to main content
CVE-2023-37677 CRITICAL POC Act Now

Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Pligg Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37460 CRITICAL POC PATCH Act Now

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Plexus Archiver
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-37258 CRITICAL POC Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-35078 CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-32232 CRITICAL Act Now

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Printerlogic Client
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-32231 CRITICAL Act Now

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Printerlogic Client
NVD
CVSS 3.1
9.9
EPSS
1.0%
CVE-2023-35066 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.20230701. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3046 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.1953. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-37920 CRITICAL PATCH Act Now

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Certifi Fedora Active Iq Unified Manager Management Services For Element Software +4
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-34798 CRITICAL Act Now

An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload E Office
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35982 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-35981 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-35980 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-35941 CRITICAL Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-37895 CRITICAL PATCH Act Now

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache RCE Deserialization Jackrabbit
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-3548 CRITICAL Act Now

An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iq Wifi 6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-35088 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Inlong
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-32637 CRITICAL Act Now

GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gbrowse
NVD
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy