Skip to main content
CVE-2023-27823 CRITICAL POC THREAT Emergency

An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.5%.

Authentication Bypass 1080Pstx
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
52.5%
Threat
5.0
CVE-2023-30247 CRITICAL POC Act Now

File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Storage Unit Rental Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-31983 CRITICAL POC THREAT Act Now

A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Br 6428Ns Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
24.9%
CVE-2023-31985 CRITICAL POC Act Now

A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Br 6428Ns Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.1%
CVE-2023-30246 CRITICAL POC Act Now

SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-2676 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Magic R160 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-2672 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-32243 CRITICAL POC THREAT Act Now

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.4.0 through 5.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Essential Addons For Elementor
NVD
CVSS 3.1
9.8
EPSS
75.5%
CVE-2023-2669 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2668 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30330 CRITICAL POC Act Now

SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Excellence Suite
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
5.9%
CVE-2023-29809 CRITICAL POC THREAT Act Now

SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Companymaps
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
10.5%
CVE-2023-30192 CRITICAL POC Act Now

Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Possearchproducts
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-1096 CRITICAL Act Now

SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Snapcenter
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32306 CRITICAL Act Now

Time Tracker is an open source time tracking system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Time Tracker
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27238 CRITICAL Act Now

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Lavalite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy