Skip to main content
CVE-2023-31465 CRITICAL POC THREAT Act Now

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Timekeeper
NVD GitHub
CVSS 3.1
9.8
EPSS
44.5%
CVE-2023-38673 CRITICAL POC PATCH Act Now

PaddlePaddle before 2.5.0 has a command injection in fs.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-38671 CRITICAL POC PATCH Act Now

Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38669 CRITICAL POC PATCH Act Now

Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33308 CRITICAL Act Now

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet RCE Fortiproxy +1
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-26859 CRITICAL PATCH Act Now

SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Brevo
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38647 CRITICAL PATCH Act Now

An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Helix
NVD
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy