Skip to main content
CVE-2023-26858 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Frequently Asked Questions Page
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1785 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Earnings And Expense Tracker App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28843 CRITICAL POC PATCH Act Now

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Paypal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28879 CRITICAL POC Act Now

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ghostscript Debian Linux
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2023-28862 CRITICAL POC Act Now

An issue was discovered in LemonLDAP::NG before 2.16.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lemonldap
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-26829 CRITICAL POC Act Now

An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Centrestack
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1770 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Grade Point Average Gpa Calculator
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1753 CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27162 CRITICAL POC Act Now

{language}. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Openapi Generator
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-1784 CRITICAL Act Now

A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jeecg Boot
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29141 CRITICAL PATCH Act Now

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Mediawiki Fedora
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-23594 CRITICAL Act Now

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cl4Nx Plus Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-1773 CRITICAL Act Now

A vulnerability was found in Rockoa 2.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP Rockoa
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-0432 CRITICAL PATCH Act Now

The web configuration service of the affected device contains an authenticated command injection vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Command Injection Dx 2100L1 Cn Firmware
NVD
CVSS 3.1
9.0
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy