Skip to main content
CVE-2023-24646 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24084 CRITICAL POC Act Now

ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Chikoi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25717 CRITICAL POC KEV PATCH THREAT Act Now

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Ruckus Wireless Admin Smartzone Ap Ruckus Smartzone Firmware
NVD
CVSS 3.1
9.8
EPSS
95.3%
CVE-2023-24188 CRITICAL POC Act Now

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ureport
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.5%
CVE-2023-25718 CRITICAL Act Now

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Control
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23551 CRITICAL Act Now

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection X 600M Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy