Skip to main content
CVE-2023-39851 CRITICAL POC Act Now

webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Webchess
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39850 CRITICAL POC Act Now

Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Schoolmate
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39852 CRITICAL POC Act Now

Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctor Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38866 CRITICAL POC Act Now

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-38864 CRITICAL POC Act Now

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38865 CRITICAL POC Act Now

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-38863 CRITICAL POC Act Now

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38862 CRITICAL POC Act Now

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38861 CRITICAL POC Act Now

An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn575A3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-39662 CRITICAL POC PATCH Act Now

An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Llamaindex
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-39661 CRITICAL POC Act Now

An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pandasai
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-39659 CRITICAL POC PATCH Act Now

An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-38915 CRITICAL POC Act Now

File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Easyadmin8
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38896 CRITICAL POC PATCH Act Now

An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-38889 CRITICAL POC Act Now

An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Alluxio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-38860 CRITICAL POC PATCH Act Now

An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-35082 CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-4344 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4342 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4341 CRITICAL Act Now

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4340 CRITICAL Act Now

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4338 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4337 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4336 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4329 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4325 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4324 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4323 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy