Skip to main content
CVE-2023-30187 CRITICAL POC PATCH Act Now

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow RCE Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-30186 CRITICAL POC PATCH Act Now

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free RCE Document Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-3435 CRITICAL POC Act Now

The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi User Activity Log
NVD WPScan
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-4322 CRITICAL POC PATCH Act Now

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Radare2 Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-37847 CRITICAL Act Now

novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-21287 CRITICAL PATCH Act Now

In multiple locations, there is a possible code execution due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21242 CRITICAL PATCH Act Now

In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-20965 CRITICAL PATCH Act Now

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39293 CRITICAL Act Now

A Command Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to execute arbitrary commands within the context of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Mivoice Office 400 Mivoice Office 400 Smb Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-39292 CRITICAL Act Now

A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SQLi Mivoice Office 400 Mivoice Office 400 Smb Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-29468 CRITICAL Act Now

The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Wilink8 Wifi Mcp8
NVD
CVSS 3.1
9.8
EPSS
10.1%
CVE-2023-32748 CRITICAL Act Now

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mivoice Connect
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-40359 CRITICAL Act Now

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xterm
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3266 CRITICAL Act Now

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel Server
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3265 CRITICAL Act Now

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel Server
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-3264 CRITICAL Act Now

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Powerpanel Server Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware +20
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3259 CRITICAL Act Now

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Deserialization Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware Iboot Pdu4A N15 Firmware +19
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy