Skip to main content
CVE-2022-45551 CRITICAL Act Now

An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.1% and no vendor patch available.

Authentication Bypass We1626 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
25.1%
CVE-2022-45553 CRITICAL POC Act Now

An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE We1626 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-26779 CRITICAL POC Act Now

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Yf Exam
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-24643 CRITICAL POC Act Now

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24642 CRITICAL POC Act Now

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24641 CRITICAL POC Act Now

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27290 CRITICAL POC Act Now

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Authentication Bypass IBM Observability With Instana
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
8.6%
CVE-2023-27574 CRITICAL PATCH Act Now

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Apple Shadowsocksx Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-20078 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Cisco Stack Overflow +17
NVD
CVSS 3.1
9.8
EPSS
10.4%
CVE-2023-0957 CRITICAL PATCH Act Now

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gitpod
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy