Skip to main content
CVE-2023-50252 CRITICAL POC PATCH THREAT Act Now

php-svg-lib is an SVG file parsing / rendering library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Deserialization Php Svg Lib
NVD GitHub
CVSS 3.1
9.8
EPSS
23.9%
CVE-2023-43364 CRITICAL POC PATCH Act Now

main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Searchor
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2023-48225 CRITICAL POC Act Now

Laf is a cloud development platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Laf
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-36649 CRITICAL POC Act Now

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Grafana Information Disclosure Cryptospike
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-6593 CRITICAL Act Now

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46456 CRITICAL Act Now

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Gl Ar300M Firmware
NVD
CVSS 3.1
9.8
EPSS
24.7%
CVE-2023-46454 CRITICAL Act Now

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gl Ar300M Firmware
NVD
CVSS 3.1
9.8
EPSS
23.5%
CVE-2023-48427 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Sinec Ins
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-41117 CRITICAL Act Now

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-50424 CRITICAL PATCH Act Now

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Privilege Escalation Cloud Security Client Go
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-50423 CRITICAL PATCH Act Now

SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Python Privilege Escalation Sap Xssec
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-50422 CRITICAL PATCH Act Now

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Privilege Escalation Cloud Security Services Integration Library
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-49583 CRITICAL PATCH Act Now

SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Node.js Privilege Escalation Sap Xssec
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-49581 CRITICAL Act Now

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Microsoft SQLi Netweaver Application Server Abap
NVD
CVSS 3.1
9.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy