Skip to main content
CVE-2023-29778 CRITICAL POC THREAT Emergency

GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.7%.

Command Injection Gl Mt3000 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
17.7%
Threat
4.0
CVE-2023-2479 CRITICAL POC PATCH THREAT Act Now

OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Appium Desktop
NVD GitHub
CVSS 3.1
9.8
EPSS
22.0%
CVE-2023-30869 CRITICAL POC PATCH Act Now

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Authentication Bypass Easy Digital Downloads
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-1730 CRITICAL POC THREAT Act Now

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Supportcandy
NVD WPScan
CVSS 3.1
9.8
EPSS
40.6%
CVE-2023-26089 CRITICAL Act Now

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iuclid
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-29856 CRITICAL Act Now

D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 868l Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy