Skip to main content
CVE-2023-4966 CRITICAL POC KEV THREAT Emergency

Citrix NetScaler ADC and Gateway contain an information disclosure vulnerability known as 'CitrixBleed' that leaks sensitive session tokens from memory, enabling authenticated session hijacking at massive scale.

NVD
CVSS 3.1
9.4
EPSS
94.3%
Threat
9.7
CVE-2023-5495 CRITICAL POC Act Now

A vulnerability was found in QDocs Smart School 6.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smart School
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-34993 CRITICAL POC THREAT Act Now

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
9.8
EPSS
18.1%
CVE-2023-30806 CRITICAL POC THREAT Act Now

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Next Gen Application Firewall
NVD
CVSS 3.1
9.8
EPSS
65.8%
CVE-2023-30805 CRITICAL POC THREAT Act Now

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Next Gen Application Firewall
NVD
CVSS 3.1
9.8
EPSS
65.8%
CVE-2023-30803 CRITICAL POC THREAT Act Now

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Next Gen Application Firewall
NVD
CVSS 3.1
9.8
EPSS
18.2%
CVE-2023-41373 CRITICAL Act Now

A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Security Manager Big Ip Domain Name System +14
NVD
CVSS 3.1
9.9
EPSS
2.4%
CVE-2023-4309 CRITICAL Act Now

Election Services Co. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Internet Election Service
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-36434 CRITICAL PATCH Act Now

Windows IIS Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-36419 CRITICAL PATCH Act Now

Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Apache XXE Microsoft Azure Hdinsight
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-35349 CRITICAL PATCH Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-36550 CRITICAL Act Now

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-36549 CRITICAL Act Now

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-36548 CRITICAL Act Now

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-36547 CRITICAL Act Now

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-34992 CRITICAL Act Now

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortisiem
NVD
CVSS 3.1
9.8
EPSS
65.5%
CVE-2023-30801 CRITICAL Act Now

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qbittorrent
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-43625 CRITICAL Act Now

A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Simcenter Amesim
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-41679 CRITICAL Act Now

An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortimanager
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2023-35796 CRITICAL Act Now

A vulnerability has been identified in SINEMA Server V14 (All versions). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Sinema Server
NVD
CVSS 3.1
9.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy