Skip to main content
CVE-2023-25157 CRITICAL POC PATCH THREAT Act Now

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java SQLi Geoserver
NVD GitHub
CVSS 3.1
9.8
EPSS
85.2%
CVE-2023-24320 CRITICAL POC Act Now

An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Axcora
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-0938 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Music Gallery Site
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-0935 CRITICAL POC Act Now

A vulnerability was found in DolphinPHP up to 1.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Dolphinphp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.8%
CVE-2023-0232 CRITICAL POC PATCH Act Now

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection WordPress PHP Shoplentor
NVD WPScan
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-26234 CRITICAL POC Act Now

JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Jd Gui
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24080 CRITICAL Act Now

A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Myq
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25657 CRITICAL PATCH Act Now

Nautobot is a Network Source of Truth and Network Automation Platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Nautobot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-25158 CRITICAL PATCH Act Now

GeoTools is an open source Java library that provides tools for geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Java SQLi Geotools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-0946 CRITICAL Act Now

A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Best Pos Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-22920 CRITICAL Act Now

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Lte3202 M437 Firmware Lte3316 M604 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24184 CRITICAL Act Now

TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy