Skip to main content
CVE-2023-36845 CRITICAL POC KEV THREAT Emergency

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Code Injection PHP Junos
NVD
CVSS 3.1
9.8
EPSS
93.5%
CVE-2023-26469 CRITICAL POC THREAT Emergency

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jorani
NVD GitHub
CVSS 3.1
9.8
EPSS
81.9%
CVE-2023-2917 CRITICAL POC THREAT Act Now

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Rockwell Thinmanager Thinserver
NVD
CVSS 3.1
9.8
EPSS
67.8%
CVE-2023-2915 CRITICAL POC THREAT Act Now

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Rockwell Thinmanager Thinserver
NVD
CVSS 3.1
9.1
EPSS
78.1%
CVE-2023-39970 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Acymailing Starter
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-40252 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Genian Nac Genian Ztna
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-34215 CRITICAL PATCH Act Now

TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Authentication Bypass Tn 5900 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34214 CRITICAL PATCH Act Now

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Tn 5900 Firmware Tn 4900 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-34213 CRITICAL PATCH Act Now

TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Authentication Bypass Tn 5900 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-33239 CRITICAL PATCH Act Now

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Tn 5900 Firmware Tn 4900 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33238 CRITICAL PATCH Act Now

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Tn 5900 Firmware Tn 4900 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy