Skip to main content
CVE-2023-5952 CRITICAL POC Act Now

The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Welcart E Commerce
NVD WPScan
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-48967 CRITICAL POC Act Now

Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Solon
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48910 CRITICAL POC PATCH Act Now

Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Microcks
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-48800 CRITICAL POC Act Now

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X6000r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-48799 CRITICAL POC Act Now

TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure X6000r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-49287 CRITICAL POC Act Now

TinyDir is a lightweight C directory and file reader. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tinydir
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-40082 CRITICAL PATCH Act Now

In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-40078 CRITICAL PATCH Act Now

In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-35690 CRITICAL Act Now

In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-24052 CRITICAL Act Now

An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ac21000 G6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24051 CRITICAL Act Now

A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ac21000 G6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24049 CRITICAL Act Now

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Brute Force Ac21000 G6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-21403 CRITICAL Act Now

In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21402 CRITICAL Act Now

In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21401 CRITICAL Act Now

In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21263 CRITICAL Act Now

In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21228 CRITICAL Act Now

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21218 CRITICAL Act Now

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21217 CRITICAL Act Now

In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21216 CRITICAL Act Now

In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Denial Of Service Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21215 CRITICAL Act Now

In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21166 CRITICAL Act Now

In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Denial Of Service Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21164 CRITICAL Act Now

In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Denial Of Service Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21163 CRITICAL Act Now

In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Denial Of Service Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-21162 CRITICAL Act Now

In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Denial Of Service Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-44305 CRITICAL Act Now

Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Dell Dm5500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-44302 CRITICAL Act Now

Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dell Authentication Bypass Powerprotect Data Manager Dm5500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy