Skip to main content
CVE-2023-4897 CRITICAL POC PATCH Act Now

Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Anythingllm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40946 CRITICAL POC Act Now

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Schoolmate
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-40945 CRITICAL POC Act Now

Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctor Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40944 CRITICAL POC Act Now

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Schoolmate
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-31069 CRITICAL POC Act Now

An issue was discovered in TSplus Remote Access through 16.0.2.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tsplus Remote Work
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-31068 CRITICAL POC Act Now

An issue was discovered in TSplus Remote Access through 16.0.2.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tsplus Remote Work
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-31067 CRITICAL POC Act Now

An issue was discovered in TSplus Remote Access through 16.0.2.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tsplus Remote Access
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2023-30058 CRITICAL POC Act Now

novel-plus 3.6.2 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42471 CRITICAL POC Act Now

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Google Wave
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-42470 CRITICAL POC Act Now

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Google Life
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-39069 CRITICAL Act Now

An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cortex Thehive
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35681 CRITICAL Act Now

In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-40150 CRITICAL Act Now

Softneta MedDream PACS does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Meddream Pacs
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-36140 CRITICAL Act Now

In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cleaning Business Software
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-40039 CRITICAL Act Now

An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tg852G Firmware Tg862G Firmware Tg1672G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-41256 CRITICAL Act Now

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Maglink Lx Web Console Configuration
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy