Skip to main content
CVE-2023-6019 CRITICAL POC PATCH THREAT Act Now

A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ray
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
74.6%
CVE-2023-6014 CRITICAL POC PATCH Act Now

An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mlflow
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-6018 CRITICAL POC PATCH THREAT Act Now

An attacker can overwrite any file on the server hosting MLflow without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mlflow
NVD
CVSS 3.1
9.8
EPSS
47.9%
CVE-2023-6016 CRITICAL POC THREAT Act Now

An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection H2O
NVD
CVSS 3.1
9.8
EPSS
30.6%
CVE-2023-47003 CRITICAL POC Act Now

An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Null Pointer Dereference Redisgraph
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-47674 CRITICAL Act Now

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cfr 1004Ea Firmware Cfr 1008Ea Firmware Cfr 1016Ea Firmware Cfr 16Eaa Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-47213 CRITICAL Act Now

First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cfr 1004Ea Firmware Cfr 1008Ea Firmware Cfr 1016Ea Firmware Cfr 16Eaa Firmware +24
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy