Skip to main content
CVE-2024-21887 CRITICAL POC KEV THREAT Emergency

Ivanti Connect Secure and Policy Secure contain an authenticated command injection in web components allowing administrators to execute arbitrary commands, chained with CVE-2023-46805 for unauthenticated RCE.

NVD
CVSS 3.1
9.1
EPSS
94.4%
Threat
9.7
CVE-2023-7028 CRITICAL POC KEV THREAT Emergency

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Gitlab Information Disclosure
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
93.5%
Threat
7.8
CVE-2023-50919 CRITICAL POC THREAT Emergency

An issue was discovered on GL.iNet devices before version 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.3%.

Authentication Bypass Nginx Gl Ax1800 Firmware Gl Axt1800 Firmware Gl Mt3000 Firmware +9
NVD GitHub
CVSS 3.1
9.8
EPSS
52.3%
Threat
5.0
CVE-2023-52026 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-51698 CRITICAL POC PATCH Act Now

Atril is a simple multi-page document viewer. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Atril
NVD GitHub
CVSS 3.1
9.6
EPSS
2.3%
CVE-2023-30016 CRITICAL POC Act Now

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30015 CRITICAL POC Act Now

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-30014 CRITICAL POC Act Now

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-37117 CRITICAL POC Act Now

A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Live555
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-49569 CRITICAL PATCH Act Now

A path traversal vulnerability was discovered in go-git versions prior to v5.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Go Git
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2022-48620 CRITICAL PATCH Act Now

uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libeuv
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-49253 CRITICAL Act Now

Root user password is hardcoded into the device and cannot be changed in the user interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass H8951 4G Esp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49255 CRITICAL Act Now

The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass H8951 4G Esp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2016-20021 CRITICAL PATCH Act Now

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Portage
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-49262 CRITICAL Act Now

The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow H8951 4G Esp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-31030 CRITICAL Act Now

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Information Disclosure Nvidia +2
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2023-31029 CRITICAL Act Now

NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Information Disclosure Nvidia +2
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2023-31024 CRITICAL Act Now

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Information Disclosure Nvidia +2
NVD
CVSS 3.1
9.0
EPSS
0.4%
CVE-2024-22206 CRITICAL PATCH This Week

Clerk helps developers build user management. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Privilege Escalation JavaScript
NVD GitHub
CVSS 3.1
9.0
EPSS
0.3%
CVE-2024-21591 CRITICAL POC THREAT Act Now

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%.

Buffer Overflow Denial Of Service Juniper Memory Corruption RCE +1
NVD
CVSS 3.1
9.8
EPSS
25.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy