Skip to main content
CVE-2023-45311 CRITICAL POC PATCH MAL Act Now

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Fsevents
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-3725 CRITICAL POC Act Now

Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-45239 CRITICAL POC Act Now

A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tac Plus Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-44807 CRITICAL POC Act Now

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-26153 CRITICAL POC PATCH Act Now

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Geokit Rails
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-4530 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Advertising Administration Panel
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-5214 CRITICAL PATCH Act Now

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Bolt
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-43058 CRITICAL PATCH Act Now

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38703 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Python Memory Corruption Pjsip
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy