Skip to main content
CVE-2023-1133 CRITICAL POC THREAT Emergency

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Infrasuite Device Master
NVD GitHub
CVSS 3.1
9.8
EPSS
50.0%
CVE-2023-1665 CRITICAL POC PATCH Act Now

Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Twake
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1666 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automatic Question Paper Generator System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27847 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allow a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xipblog
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2023-28102 CRITICAL POC PATCH Act Now

discordrb is an implementation of the Discord API using Ruby. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Discordrb
NVD GitHub
CVSS 3.1
9.6
EPSS
2.5%
CVE-2023-25261 CRITICAL Act Now

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Designer Viewer
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-1399 CRITICAL Act Now

N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization N6854A Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1142 CRITICAL Act Now

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-1140 CRITICAL Act Now

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-26959 CRITICAL Act Now

Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Park Ticketing Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25909 CRITICAL Act Now

HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Oaklouds Portal
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24838 CRITICAL Act Now

HGiga PowerStation has a vulnerability of Information Leakage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Powerstation Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-28883 CRITICAL PATCH Act Now

In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Cerebrate
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy