Skip to main content
CVE-2023-31752 CRITICAL POC Act Now

SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee And Visitor Gate Pass Logging System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23306 CRITICAL POC Act Now

The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-23305 CRITICAL POC Act Now

The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-23303 CRITICAL POC Act Now

The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23302 CRITICAL POC Act Now

The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-23301 CRITICAL POC Act Now

The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-23300 CRITICAL POC Act Now

The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-23298 CRITICAL POC Act Now

The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-33362 CRITICAL POC Act Now

Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Piwigo
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
9.1%
CVE-2023-33361 CRITICAL POC Act Now

Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Piwigo
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33338 CRITICAL POC Act Now

Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Old Age Home Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2023-27068 CRITICAL POC Act Now

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Experience Platform
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-23304 CRITICAL POC Act Now

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Connect Iq
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-29919 CRITICAL POC THREAT Act Now

SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Solarview Compact Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
60.2%
CVE-2023-1508 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mobilmen El Terminali Yazilimi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-32697 CRITICAL PATCH Act Now

SQLite JDBC is a library for accessing and creating SQLite database files in Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Sqlite Jdbc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-28413 CRITICAL Act Now

Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Snow Monkey Forms
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-28409 CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mw Wp Form
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28408 CRITICAL Act Now

Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mw Wp Form
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-27507 CRITICAL Act Now

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload Mailform
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-27397 CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mailform
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27388 CRITICAL Act Now

Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tr 71W Firmware Tr 72W Firmware Rtr 5W Firmware Wdr 7 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-25953 CRITICAL Act Now

Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Drive Explorer
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-31814 CRITICAL Act Now

D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure D-Link PHP Dir 300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy