Skip to main content
CVE-2023-47800 CRITICAL POC Act Now

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Authentication Bypass Neuroworks Eeg Sleepworks
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-47246 CRITICAL POC KEV THREAT Act Now

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat RCE Path Traversal Sysaid
NVD
CVSS 3.1
9.8
EPSS
98.9%
CVE-2023-39796 CRITICAL POC Act Now

SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Wbce Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
6.1%
CVE-2023-47128 CRITICAL POC PATCH Act Now

Piccolo is an object-relational mapping and query builder which supports asyncio. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Piccolo
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-4804 CRITICAL Act Now

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Quantum Hd Unity Compressor Firmware Quantum Hd Unity Acuair Firmware Quantum Hd Unity Condenser Vessel Firmware Quantum Hd Unity Evaporator Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-47129 CRITICAL PATCH Act Now

Statmic is a core Laravel content management system Composer package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Statamic
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-47121 CRITICAL PATCH Act Now

Discourse is an open source platform for community discussion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-6074 CRITICAL Act Now

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy