Skip to main content
CVE-2020-29297 CRITICAL POC Act Now

Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-23607 CRITICAL POC PATCH Act Now

erohtar/Dasherr is a dashboard for self-hosted services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload PHP Dasherr
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-23489 CRITICAL POC THREAT Act Now

The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Easy Digital Downloads
NVD
CVSS 3.1
9.8
EPSS
11.2%
CVE-2023-23488 CRITICAL POC THREAT Act Now

The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Paid Memberships Pro
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
92.5%
CVE-2023-24028 CRITICAL PATCH Act Now

In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Misp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20025 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Rv016 Firmware Rv042 Firmware Rv042G Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-22964 CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
9.1
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy