Skip to main content
CVE-2023-37679 CRITICAL POC THREAT Emergency

A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 97.1%.

Command Injection Mirth Connect
NVD VulDB
CVSS 3.1
9.8
EPSS
97.1%
Threat
6.4
CVE-2023-36082 CRITICAL POC Act Now

An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flexiva Fax 150W Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-38942 CRITICAL POC Act Now

Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dango Translator
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-36213 CRITICAL POC Act Now

SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Motocms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-4121 CRITICAL POC Act Now

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Smart S85F
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-4120 CRITICAL POC THREAT Act Now

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Smart S85F
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
81.1%
CVE-2023-36217 CRITICAL POC Act Now

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Xoops
NVD GitHub Exploit-DB
CVSS 3.1
9.0
EPSS
1.4%
CVE-2023-38951 CRITICAL Act Now

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Biotime
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-38954 CRITICAL Act Now

ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Bioaccess Ivs
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-33666 CRITICAL PATCH Act Now

ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Aioptimizedcombinations
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4008 CRITICAL Act Now

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-21409 CRITICAL Act Now

Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure License Plate Verifier
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-21408 CRITICAL Act Now

Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure License Plate Verifier
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3346 CRITICAL Act Now

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service C80 Firmware E70 Firmware +19
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-33371 CRITICAL Act Now

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Control Id Idsecure
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-20214 CRITICAL Act Now

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-37364 CRITICAL Act Now

In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE J Wbem
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-33369 CRITICAL Act Now

A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Control Id Idsecure
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy