Skip to main content
CVE-2023-24114 CRITICAL POC Act Now

typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Typecho
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-24093 CRITICAL POC Act Now

An access control issue in H3C A210-G A210-GV100R005 allows attackers to authenticate without a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A210 G Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25813 CRITICAL POC PATCH Act Now

Sequelize is a Node.js ORM tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js SQLi Sequelize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-0963 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Music Gallery Site
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
4.7%
CVE-2023-0961 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Music Gallery Site
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-0960 CRITICAL POC Act Now

A vulnerability was found in SeaCMS 11.6 and classified as problematic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Seacms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24108 CRITICAL POC Act Now

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mvctools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-24107 CRITICAL POC Act Now

hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Hour Of Code Python 2015
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-0947 CRITICAL POC PATCH Act Now

Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Flatpress
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-24812 CRITICAL PATCH Act Now

Misskey is an open source, decentralized social media platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Misskey
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy