Skip to main content
CVE-2023-36655 CRITICAL POC Act Now

The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cryptospike
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-48849 CRITICAL POC Act Now

Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Rg Eg1000C Firmware Rg Eg1000E Firmware Rg Eg105G Firmware Rg Eg105G V2 Firmware +17
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-48930 CRITICAL POC Act Now

xinhu xinhuoa 2.2.1 contains a File upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Xinhu
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46353 CRITICAL Act Now

In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Product Tag Icons Pro
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6458 CRITICAL PATCH Act Now

Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Path Traversal Mattermost Server
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-46773 CRITICAL Act Now

Permission management vulnerability in the PMS module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-22524 CRITICAL Act Now

Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Atlassian Companion
NVD
CVSS 3.1
9.8
EPSS
24.7%
CVE-2023-41268 CRITICAL PATCH Act Now

Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault.0.0 through 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Samsung Escargot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy