Skip to main content
CVE-2023-1437 CRITICAL Act Now

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Scada
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-26317 CRITICAL Act Now

Xiaomi routers have an external interface that can lead to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Xiaomi Router Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26443 CRITICAL Act Now

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite Backend
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1935 CRITICAL Act Now

ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Roc809 Firmware Roc827 Firmware Roc809L Firmware Roc827L Firmware +1
NVD
CVSS 3.1
9.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy