Skip to main content
CVE-2023-2215 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Coffee Shop Pos System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-2206 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Retro Basketball Shoes Online Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1892 CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Sidekiq
NVD GitHub
CVSS 3.1
9.6
EPSS
2.7%
CVE-2023-2227 CRITICAL POC PATCH THREAT Act Now

Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Modoboa
NVD GitHub
CVSS 3.1
9.1
EPSS
43.8%
CVE-2023-30621 CRITICAL PATCH Act Now

Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Gipsy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-29924 CRITICAL Act Now

PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Powerjob
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2231 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Max G866Ac Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-2218 CRITICAL Act Now

A vulnerability has been found in SourceCodester Task Reminder System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Task Reminder System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2217 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Task Reminder System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26556 CRITICAL PATCH Act Now

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tss Lib
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy