Skip to main content
CVE-2023-6879 CRITICAL POC PATCH Act Now

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Aomedia Fedora
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-51084 CRITICAL POC Act Now

hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hyavijava
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-47883 CRITICAL POC Act Now

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Google Tv Browser
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-43955 CRITICAL POC Act Now

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Google Tv Bro
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-43481 CRITICAL POC Act Now

An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Browser Tv Web Browsehere
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-51664 CRITICAL POC PATCH Act Now

tj-actions/changed-files is a Github action to retrieve all files and directories. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Changed Files
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2023-7116 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Datax Web
NVD VulDB
CVSS 3.1
9.8
EPSS
9.9%
CVE-2023-6190 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal University Information Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49001 CRITICAL Act Now

An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Indi Browser
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49000 CRITICAL Act Now

An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Artisbrowser
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-52077 CRITICAL PATCH Act Now

Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Nexkey
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-51700 CRITICAL PATCH Act Now

Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE WordPress Deserialization Unofficial Mobile Bankid Integration
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy