Skip to main content
CVE-2023-42277 CRITICAL POC Act Now

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hutool
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42276 CRITICAL POC Act Now

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hutool
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42268 CRITICAL POC Act Now

Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-41615 CRITICAL POC Act Now

Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoo Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37759 CRITICAL POC Act Now

Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Crypto Currency Tracker
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-27715 CRITICAL Act Now

An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Mofi4500 4Gxelte V2 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39320 CRITICAL PATCH Act Now

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Go
NVD
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy