Skip to main content
CVE-2023-30189 CRITICAL POC Act Now

Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Posstaticblocks
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27742 CRITICAL POC Act Now

IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Idurar
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31890 CRITICAL POC Act Now

An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Glazed Lists
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-31857 CRITICAL POC Act Now

Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Computer And Laptop Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-31856 CRITICAL POC Act Now

A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2023-31587 CRITICAL POC PATCH Act Now

Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Tenda Ac5 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-31519 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2738 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tongda OA 11.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29961 CRITICAL POC Act Now

D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-2499 CRITICAL PATCH Act Now

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google WordPress Registrationmagic
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32956 CRITICAL Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Synology Command Injection Router Manager
NVD
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy