Skip to main content
CVE-2023-3710 CRITICAL POC THREAT Act Now

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.19.050004. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Command Injection Pm43 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
33.1%
CVE-2023-40834 CRITICAL POC Act Now

OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opencart
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39637 CRITICAL Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection D-Link Dir 816 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-40622 CRITICAL Act Now

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2023-39073 CRITICAL Act Now

An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Snmp Web Pro
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-41331 CRITICAL Act Now

SOFARPC is a Java RPC framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Sofarpc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-4501 CRITICAL Act Now

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cobol Server Enterprise Developer Enterprise Server Enterprise Test Server +1
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-36765 CRITICAL PATCH Act Now

Microsoft Office Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Office
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-36758 CRITICAL PATCH Act Now

Visual Studio Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Visual Studio 2022
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-29332 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Microsoft Azure Kubernetes Service
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-40784 CRITICAL Act Now

DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Dedecms
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-2071 CRITICAL Act Now

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Authentication Bypass Factorytalk View
NVD
CVSS 3.1
9.8
EPSS
11.0%
CVE-2023-39150 CRITICAL PATCH Act Now

ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Conemu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40309 CRITICAL Act Now

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Commoncryptolib Content Server Extended Application Services And Runtime +6
NVD
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy