Skip to main content
CVE-2023-48022 CRITICAL POC THREAT Emergency

Anyscale Ray 2.6.3 and 2.8.0 expose an unauthenticated job submission API that allows remote code execution by design. The vendor considers this expected behavior for a compute framework intended for trusted network environments, but internet-exposed Ray clusters are actively exploited by cryptominers and data exfiltration campaigns.

NVD
CVSS 3.1
9.8
EPSS
92.2%
Threat
8.2
CVE-2023-48193 CRITICAL POC Act Now

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jumpserver
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-41264 CRITICAL POC Act Now

Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Usercube
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-49313 CRITICAL POC Act Now

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Authentication Bypass Xmachoviewer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-3545 CRITICAL POC PATCH Act Now

Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Microsoft Apache PHP +1
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-3533 CRITICAL POC PATCH Act Now

Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Path Traversal File Upload RCE PHP +1
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-3368 CRITICAL POC PATCH THREAT Act Now

Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE Command Injection Chamilo
NVD GitHub
CVSS 3.1
9.8
EPSS
68.9%
CVE-2023-47503 CRITICAL POC Act Now

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-48023 CRITICAL POC THREAT Act Now

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ray
NVD
CVSS 3.1
9.1
EPSS
35.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy