Skip to main content
CVE-2023-26949 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Onekeyadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24736 CRITICAL POC Act Now

PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Pmb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-24734 CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free File Upload RCE Memory Corruption PHP +1
NVD GitHub
CVSS 3.1
9.8
EPSS
20.7%
CVE-2023-24776 CRITICAL POC Act Now

Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-0839 CRITICAL Act Now

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inscada
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-0979 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Meddatapacs
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-22344 CRITICAL Act Now

Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Rakuraku Pc Cloud Agent Ss1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-22336 CRITICAL Act Now

Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Rakuraku Pc Cloud Agent Ss1
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy