Skip to main content
CVE-2023-32560 CRITICAL POC THREAT Emergency

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Avalanche
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
98.9%
CVE-2023-32563 CRITICAL POC THREAT Act Now

An unauthenticated attacker could achieve the code execution through a RemoteControl server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Avalanche
NVD
CVSS 3.1
9.8
EPSS
90.2%
CVE-2023-39966 CRITICAL POC PATCH Act Now

1Panel is an open source Linux server operation and maintenance management panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 1panel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-37734 CRITICAL POC Act Now

EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mp3 Audio Converter
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37069 CRITICAL POC Act Now

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-39806 CRITICAL Act Now

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Icms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39805 CRITICAL Act Now

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Icms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32564 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
37.4%
CVE-2023-32562 CRITICAL Act Now

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Avalanche
NVD
CVSS 3.1
9.8
EPSS
38.4%
CVE-2023-38034 CRITICAL Act Now

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti RCE Command Injection Unifi Uap Firmware Unifi Switch Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-35085 CRITICAL Act Now

An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Ubiquiti Unifi Uap Firmware Unifi Switch Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32567 CRITICAL Act Now

Ivanti Avalanche decodeToMap XML External Entity Processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XXE Avalanche
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-36311 CRITICAL Act Now

There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Document Creator
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39776 CRITICAL Act Now

A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ticket Support Script
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26311 CRITICAL Act Now

A remote code execution vulnerability in the webview component of OPPO Store app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Oppo Store
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-26309 CRITICAL Act Now

A remote code execution vulnerability in the webview component of OnePlus Store app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Store
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-30699 CRITICAL Act Now

Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32565 CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2023-32566 CRITICAL Act Now

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avalanche
NVD
CVSS 3.1
9.1
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy