Skip to main content
CVE-2023-4634 CRITICAL POC PATCH THREAT Act Now

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.1%.

RCE WordPress PHP Media Library Assistant
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
92.1%
Threat
6.2
CVE-2023-39967 CRITICAL POC Act Now

WireMock is a tool for mocking HTTP services. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Studio
NVD GitHub
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-41330 CRITICAL POC PATCH Act Now

knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization Snappy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-40397 CRITICAL Act Now

The issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS Webkitgtk Wpe Webkit
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-23623 CRITICAL PATCH Act Now

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20238 CRITICAL Act Now

A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Broadworks Application Delivery Platform Broadworks Xtended Services Platform
NVD
CVSS 3.1
9.8
EPSS
15.3%
CVE-2023-0925 CRITICAL Act Now

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Microsoft Deserialization Webmethods
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41149 CRITICAL Act Now

F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection F Revocrm
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-30723 CRITICAL Act Now

Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-4485 CRITICAL Act Now

ARDEREG ​Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Sistemas Scada
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-20269 CRITICAL KEV THREAT Act Now

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
9.1
EPSS
21.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy