Skip to main content
CVE-2023-38894 CRITICAL POC PATCH Act Now

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Prototype Pollution Tree Kit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-39846 CRITICAL POC Act Now

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Konga
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-39115 CRITICAL POC Act Now

install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Complete Online Matrimonial Website System Script
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-26037 CRITICAL Act Now

Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Punkbuster
NVD VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-4204 CRITICAL Act Now

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nport Iaw5000A I O Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-33663 CRITICAL Act Now

In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Aicustomfee
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-32493 CRITICAL Act Now

Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Dell Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20017 CRITICAL Act Now

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Intersight Private Virtual Appliance
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-20013 CRITICAL Act Now

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Intersight Private Virtual Appliance
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy