Skip to main content
CVE-2023-42793 CRITICAL POC KEV THREAT Emergency

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teamcity
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-41387 CRITICAL POC Act Now

A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple SQLi Flutter Downloader
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-26143 CRITICAL POC PATCH Act Now

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Blamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-4092 CRITICAL Act Now

SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SQLi Arconte Aurea
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-0773 CRITICAL Act Now

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ipc322Lb Sf28 A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-5009 CRITICAL Act Now

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
8.3%
CVE-2023-29245 CRITICAL Act Now

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Cmc Guardian
NVD
CVSS 4.0
9.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy