Skip to main content
CVE-2023-29199 CRITICAL POC PATCH Act Now

There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Vm2
NVD GitHub
CVSS 3.1
10.0
EPSS
3.9%
CVE-2023-27654 CRITICAL POC Act Now

An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Who
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2056 CRITICAL POC Act Now

A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Dedecms
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29805 CRITICAL POC Act Now

WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wfs Sr03W Firmware Wfs Sr03K Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-29803 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-29802 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-29801 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-29800 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-29799 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-29798 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-27648 CRITICAL POC Act Now

Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Change Color Of Keypad
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2023-2037 CRITICAL POC Act Now

A vulnerability was found in Campcodes Video Sharing Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Campcodes Video Sharing Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29622 CRITICAL POC Act Now

Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Purchase Order Management
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-26918 CRITICAL POC Act Now

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Replication Pro
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
6.1%
CVE-2023-1863 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection.04.06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi El Terminali Su Okuma Uygulamalarimiz
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1833 CRITICAL Act Now

Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Router Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-1803 CRITICAL Act Now

Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Router Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-1617 CRITICAL Act Now

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vc4
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2043 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Control Id Rhid
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy