Skip to main content
CVE-2023-24774 CRITICAL POC Act Now

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1311 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Friendly Island Pizza Website And Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1310 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Graduate Tracer System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1309 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Graduate Tracer System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1308 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Graduate Tracer System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1307 CRITICAL POC PATCH Act Now

Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Froxlor
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-1091 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Licensed Warehousing Automation System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-1198 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Starcities
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-25143 CRITICAL Act Now

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Apex One
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-27853 CRITICAL Act Now

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear Rax30 Firmware
NVD
CVSS 3.1
9.8
EPSS
19.7%
CVE-2023-27852 CRITICAL Act Now

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear Rax30 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-26075 CRITICAL Act Now

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Exynos 850 Firmware Exynos 980 Firmware Exynos 1080 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1322 CRITICAL Act Now

A vulnerability was found in lmxcms 1.41 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Lmxcms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-1321 CRITICAL Act Now

A vulnerability has been found in lmxcms 1.41 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Lmxcms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-27905 CRITICAL PATCH Act Now

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Update Center2
NVD
CVSS 3.1
9.6
EPSS
1.5%
CVE-2023-27898 CRITICAL PATCH Act Now

Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
9.6
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy