Skip to main content
CVE-2023-27232 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-27231 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-27229 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-1675 CRITICAL POC Act Now

A vulnerability was found in SourceCodester School Registration and Fee System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Registration And Fee System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1674 CRITICAL POC Act Now

A vulnerability was found in SourceCodester School Registration and Fee System 1.0 and classified as critical.php of the component POST Parameter Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Registration And Fee System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27821 CRITICAL POC Act Now

Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Databasir
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-28712 CRITICAL Act Now

Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28654 CRITICAL Act Now

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28631 CRITICAL PATCH Act Now

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Comrak
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-28398 CRITICAL Act Now

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27886 CRITICAL Act Now

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-27394 CRITICAL Act Now

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
18.2%
CVE-2023-28326 CRITICAL PATCH Act Now

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Openmeetings
NVD
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy