Skip to main content
CVE-2023-3824 CRITICAL POC Act Now

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow PHP Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
8.0%
CVE-2023-40267 CRITICAL PATCH Act Now

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gitpython
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-40254 CRITICAL Act Now

Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.0: from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Genian Nac Genian Ztna
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-40253 CRITICAL Act Now

Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.0: from V4.0.0 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Genian Nac Genian Ztna
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-40256 CRITICAL Act Now

A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netbackup Snapshot Manager
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-25775 CRITICAL Act Now

Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Ethernet Controller Rdma Driver For Linux
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27515 CRITICAL PATCH Act Now

Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation XSS Intel Driver Support Assistant
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2023-40260 CRITICAL Act Now

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Empowerid
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy