Skip to main content
CVE-2014-2023 CRITICAL POC Act Now

Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tapatalk
NVD Exploit-DB GitHub
CVSS 3.0
9.8
EPSS
9.4%
CVE-2017-15907 CRITICAL POC Act Now

SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Phpcollab
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2012-1622 CRITICAL Act Now

Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Ofbiz
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2017-15919 CRITICAL Act Now

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP Ultimate Form Builder Lite
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-15909 CRITICAL Act Now

D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dgs 1500 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-15366 CRITICAL Act Now

Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ndoc
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy