Skip to main content
CVE-2023-43271 CRITICAL POC Act Now

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A500S Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-43899 CRITICAL Act Now

hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Hansuncms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-44467 CRITICAL PATCH Act Now

langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Langchain Experimental
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-5365 CRITICAL Act Now

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation HP Authentication Bypass Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43696 CRITICAL Act Now

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apu0200 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-45612 CRITICAL PATCH Act Now

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Ktor
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-45613 CRITICAL PATCH Act Now

In JetBrains Ktor before 2.3.5 server certificates were not verified. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ktor
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-44392 CRITICAL PATCH Act Now

Garden provides automation for Kubernetes development and testing. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Kubernetes RCE Code Injection Deserialization Garden
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy