Skip to main content
CVE-2023-38545 CRITICAL POC PATCH THREAT Act Now

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.2%.

Memory Corruption Buffer Overflow Libcurl Fedora Active Iq Unified Manager +10
NVD GitHub
CVSS 3.1
9.8
EPSS
26.2%
Threat
4.2
CVE-2023-45911 CRITICAL POC Act Now

An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Comscale
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5642 CRITICAL POC THREAT Act Now

Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure R Seenet
NVD
CVSS 3.1
9.8
EPSS
16.7%
CVE-2023-46007 CRITICAL POC Act Now

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46006 CRITICAL POC Act Now

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46005 CRITICAL POC Act Now

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45146 CRITICAL Act Now

XXL-RPC is a high performance, distributed RPC framework. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Xxl Rpc
NVD GitHub
CVSS 3.1
10.0
EPSS
1.0%
CVE-2023-4601 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Information Disclosure System Configuration
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39332 CRITICAL Act Now

Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-35084 CRITICAL Act Now

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Deserialization Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy