Skip to main content
CVE-2023-28769 CRITICAL POC Emergency

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Dx5401 B0 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.4%
CVE-2022-47758 CRITICAL POC Act Now

Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Nanoleaf Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-2297 CRITICAL POC PATCH Act Now

The Profile Builder - User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Profile Builder
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-2348 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Service Provider Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Service Provider Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2347 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Service Provider Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Service Provider Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2346 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Service Provider Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Service Provider Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30349 CRITICAL POC Act Now

JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-2344 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Service Provider Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1967 CRITICAL Act Now

Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization N8844A
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2158 CRITICAL Act Now

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Code Dx
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-2345 CRITICAL Act Now

A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Service Provider Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-1778 CRITICAL Act Now

This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Security Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-28697 CRITICAL Act Now

Moxa MiiNePort E1 has a vulnerability of insufficient access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Miineport E1 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-20853 CRITICAL Act Now

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization A Hrd
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-20852 CRITICAL Act Now

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization A Hrd
NVD
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy