Skip to main content
CVE-2023-22515 CRITICAL POC KEV EUVD KEV THREAT Emergency

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Atlassian Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
94.3%
Threat
9.8
CVE-2023-36619 CRITICAL POC Act Now

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Border Controller
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-5374 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5373 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38701 CRITICAL POC Act Now

Hydra is the layer-two scalability solution for Cardano. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hydra
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-35803 CRITICAL Act Now

IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Iq Engine
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-41094 CRITICAL Act Now

TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emberznet
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5399 CRITICAL Act Now

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Spacelogic C Bus Toolkit
NVD
CVSS 3.1
9.8
EPSS
38.5%
CVE-2023-5391 CRITICAL Act Now

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Ecostruxure Power Monitoring Expert Ecostruxure Power Operation With Advanced Reports Ecostruxure Power Scada Operation With Advanced Reports
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5402 CRITICAL Act Now

A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE C Bus Toolkit
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20101 CRITICAL Act Now

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Emergency Responder
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-4494 CRITICAL Act Now

Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Easy Chat Server
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-4491 CRITICAL Act Now

Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Easy Address Book Web Server
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2809 CRITICAL Act Now

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sage 200 Spain
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-37404 CRITICAL PATCH Act Now

IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE IBM Observability With Instana
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-44208 CRITICAL Act Now

Sensitive information disclosure and manipulation due to missing authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Authentication Bypass Cyber Protect Home Office
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy