Skip to main content
CVE-2023-6126 CRITICAL POC PATCH Act Now

Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Suitecrm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-31247 CRITICAL POC Act Now

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gecko Software Development Kit Cesium Net Uc Http
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-28391 CRITICAL POC Act Now

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gecko Software Development Kit Cesium Net Uc Http
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-28379 CRITICAL POC Act Now

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gecko Software Development Kit Cesium Net Uc Http
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-27882 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Gecko Software Development Kit Cesium Net +1
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-25181 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Gecko Software Development Kit Cesium Net +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-24585 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gecko Software Development Kit Cesium Net Uc Http
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45878 CRITICAL POC THREAT Act Now

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE PHP Gibbon
NVD
CVSS 3.1
9.8
EPSS
63.1%
CVE-2023-43902 CRITICAL POC Act Now

Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Emsigner
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44373 CRITICAL CISA Emergency

Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware 6Gk5205 3Bd00 2Ab2 Firmware +67
NVD VulDB
CVSS 4.0
9.4
EPSS
0.5%
CVE-2023-45616 CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-45615 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-45614 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-47130 CRITICAL PATCH Act Now

Yii is an open source PHP web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE PHP Deserialization Yii
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-36049 CRITICAL PATCH Act Now

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Net Framework Net Visual Studio 2022
NVD
CVSS 3.1
9.8
EPSS
12.5%
CVE-2023-34060 CRITICAL Act Now

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Cloud Director
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-31273 CRITICAL PATCH Act Now

Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Intel Data Center Manager
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20596 CRITICAL Act Now

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware Ryzen 5 5600G Firmware Ryzen 5 5600Ge Firmware +60
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-36553 CRITICAL Act Now

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortisiem
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-36397 CRITICAL PATCH Act Now

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
9.8
EPSS
17.5%
CVE-2023-36028 CRITICAL PATCH Act Now

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +10
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-36018 CRITICAL PATCH Act Now

Visual Studio Code Jupyter Extension Spoofing Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jupyter
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-34991 CRITICAL Act Now

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet SQLi Fortiwlm
NVD
CVSS 3.1
9.8
EPSS
28.8%
CVE-2023-43504 CRITICAL Act Now

A vulnerability has been identified in COMOS (All versions < V10.4.4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Comos
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25603 CRITICAL Act Now

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Fortinet Information Disclosure Fortiadc Fortiddos F
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy