Skip to main content
CVE-2023-38495 CRITICAL POC PATCH Act Now

Crossplane is a framework for building cloud native control planes without needing to write code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Crossplane
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3975 CRITICAL POC PATCH Act Now

OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Drawio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-38490 CRITICAL PATCH Act Now

Kirby is a content management system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Kirby
NVD GitHub
CVSS 3.1
10.0
EPSS
1.5%
CVE-2023-3956 CRITICAL PATCH Act Now

The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Instawp Connect
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-33745 CRITICAL Act Now

TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Roomcast Ta 2400 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33744 CRITICAL Act Now

TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Roomcast Ta 2400 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33743 CRITICAL Act Now

TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Roomcast Ta 2400 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3974 CRITICAL PATCH Act Now

OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Drawio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy