Skip to main content
CVE-2023-2160 CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Modoboa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-2152 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Student Study Center Desk Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-2151 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Student Study Center Desk Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Study Center Desk Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2149 CRITICAL POC Act Now

A vulnerability classified as critical was found in Campcodes Online Thesis Archiving System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2148 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Campcodes Online Thesis Archiving System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2147 CRITICAL POC Act Now

A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2146 CRITICAL POC Act Now

A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2145 CRITICAL POC Act Now

A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-2144 CRITICAL POC Act Now

A vulnerability was found in Campcodes Online Thesis Archiving System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-46640 CRITICAL Act Now

Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nanoleaf Desktop
NVD VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-28004 CRITICAL PATCH Act Now

A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Denial Of Service Powerlogic Hdpm6000 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-29412 CRITICAL PATCH Act Now

Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Java RCE Command Injection Apc Easy Ups Online Monitoring Software Easy Ups Online Monitoring Software
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29411 CRITICAL PATCH Act Now

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java RCE Authentication Bypass Apc Easy Ups Online Monitoring Software Easy Ups Online Monitoring Software
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-28839 CRITICAL PATCH Act Now

Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Shoppingfeed
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25550 CRITICAL Act Now

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Struxureware Data Center Expert
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-25549 CRITICAL Act Now

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Struxureware Data Center Expert
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-2138 CRITICAL PATCH Act Now

Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nuxt
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28863 CRITICAL Act Now

AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy