Skip to main content
CVE-2023-1523 CRITICAL POC PATCH Act Now

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Snapd Ubuntu Linux
NVD GitHub
CVSS 3.1
10.0
EPSS
1.4%
CVE-2023-4712 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smart Table Integrated Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40980 CRITICAL POC Act Now

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload Dwsurvey
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39631 CRITICAL POC PATCH Act Now

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-36100 CRITICAL POC Act Now

An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Icecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-36076 CRITICAL POC Act Now

SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Smanga
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-41364 CRITICAL POC Act Now

In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tine
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-4708 CRITICAL POC THREAT Act Now

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Clcknshop
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
45.6%
CVE-2023-36328 CRITICAL PATCH Act Now

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service Libtommath Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-36327 CRITICAL PATCH Act Now

Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service Relic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36326 CRITICAL PATCH Act Now

Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service Relic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36187 CRITICAL Act Now

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear Cbr40 Firmware Lax20 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-4696 CRITICAL PATCH Act Now

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy