Skip to main content
CVE-2023-49442 CRITICAL Emergency

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 55.5% and no vendor patch available.

Deserialization RCE Jeecg
NVD
CVSS 3.1
9.8
EPSS
55.5%
CVE-2023-50253 CRITICAL POC Act Now

Laf is a cloud development platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Laf
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2023-51784 CRITICAL PATCH Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.5.0 through 1.9.0, which could lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Code Injection Inlong
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2023-46308 CRITICAL PATCH Act Now

In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Plotly Js
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-50090 CRITICAL Act Now

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ureport2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50921 CRITICAL Act Now

An issue was discovered on GL.iNet devices through 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Gl Mt1300 Firmware Gl Mt300N V2 Firmware Gl Ar750S Firmware Gl Ar750 Firmware +8
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-52314 CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-52311 CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in _wget_download. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-52310 CRITICAL PATCH Act Now

PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-39655 CRITICAL Act Now

A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Couchauth
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy