Skip to main content
CVE-2023-27100 CRITICAL POC PATCH Act Now

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Pfsense Plus Pfsense
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
9.8%
CVE-2023-27060 CRITICAL POC Act Now

LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Lightcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-28667 CRITICAL POC Act Now

The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Lead Generated
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-28662 CRITICAL POC THREAT Act Now

The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Gift Vouchers
NVD
CVSS 3.1
9.8
EPSS
42.2%
CVE-2023-27224 CRITICAL POC Act Now

An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Nginx Proxy Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1571 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in DataGear up to 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Datagear
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1566 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Medical Certificate Generator App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-27638 CRITICAL POC Act Now

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Custom Product Designer
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-27637 CRITICAL POC Act Now

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Custom Product Designer
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-1564 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Air Cargo Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1563 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Study Center Desk Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1556 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Judging Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27855 CRITICAL POC THREAT Act Now

In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Path Traversal Thinmanager
NVD
CVSS 3.1
9.8
EPSS
13.5%
CVE-2023-28725 CRITICAL POC THREAT Act Now

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java File Upload Crypto Application Server
NVD
CVSS 3.1
9.1
EPSS
20.6%
CVE-2023-1561 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple Online Hotel Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1558 CRITICAL Act Now

A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Beautiful Shopping Cart System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1557 CRITICAL Act Now

A vulnerability was found in SourceCodester E-Commerce System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass E Commerce System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-25589 CRITICAL Act Now

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Clearpass Policy Manager
NVD
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy