Skip to main content
CVE-2023-27779 CRITICAL POC Act Now

AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Am Presencia
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27748 CRITICAL POC Act Now

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Dr750 2Ch Lte Firmware Dr750 2Ch Ir Lte Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27746 CRITICAL POC Act Now

BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dr750 2Ch Lte Firmware Dr750 2Ch Ir Lte Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-29598 CRITICAL POC Act Now

lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lmxcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27812 CRITICAL POC Act Now

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bloofoxcms
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-27667 CRITICAL Act Now

Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Auto Dealer Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy