Skip to main content
CVE-2023-24720 CRITICAL POC Act Now

An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Readium Js
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-1886 CRITICAL POC PATCH Act Now

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1877 CRITICAL POC PATCH Act Now

Command Injection in GitHub repository microweber/microweber prior to 1.3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Microweber
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-20073 CRITICAL POC THREAT Act Now

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Rv340 Firmware Rv340W Firmware Rv345 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
88.9%
CVE-2023-25330 CRITICAL POC PATCH Act Now

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mybatis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1856 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Air Cargo Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1854 CRITICAL POC Act Now

A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Graduate Tracer System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1850 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Payroll System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1849 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Payroll System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1848 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Payroll System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1847 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1846 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1845 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29374 CRITICAL POC PATCH THREAT Act Now

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
39.7%
CVE-2022-4939 CRITICAL PATCH Act Now

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Privilege Escalation Wcfm Membership
NVD VulDB
CVSS 3.1
9.8
EPSS
7.3%
CVE-2023-1708 CRITICAL Act Now

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-1782 CRITICAL PATCH Act Now

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Nomad
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1788 CRITICAL PATCH Act Now

Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Firefly Iii
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy