Skip to main content
CVE-2023-48699 CRITICAL POC PATCH Act Now

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Code Injection Information Disclosure Fastbots
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48306 CRITICAL POC Act Now

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49105 CRITICAL POC THREAT Act Now

An issue was discovered in ownCloud owncloud/core before 10.13.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Owncloud Server
NVD
CVSS 3.1
9.8
EPSS
11.1%
CVE-2023-48230 CRITICAL POC PATCH Act Now

Cap'n Proto is a data interchange format and capability-based RPC system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Capnproto
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-48228 CRITICAL POC PATCH Act Now

authentik is an open-source identity provider. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-5055 CRITICAL POC Act Now

Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-48307 CRITICAL PATCH Act Now

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-6248 CRITICAL Act Now

The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Syrus 4G Iot Telematics Gateway Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-49060 CRITICAL Act Now

An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple Information Disclosure Firefox
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4149 CRITICAL Act Now

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection 0852 0602 Firmware 0852 0603 Firmware 0852 1605 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-42770 CRITICAL PATCH Act Now

Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure St Ipm 6350 Firmware St Ipm 8460 Firmware Vt Mipm 135 D Firmware Vt Mipm 245 D Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-40151 CRITICAL PATCH Act Now

When user authentication is not enabled the shell can execute commands with the highest privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure St Ipm 6350 Firmware St Ipm 8460 Firmware Vt Mipm 135 D Firmware Vt Mipm 245 D Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy