Skip to main content
CVE-2023-34257 CRITICAL POC Act Now

An issue was discovered in BMC Patrol through 23.1.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Patrol Agent
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33735 CRITICAL POC THREAT Act Now

D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
32.6%
CVE-2023-33730 CRITICAL POC Act Now

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Escan Management Console
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29747 CRITICAL POC Act Now

Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Story Saver For Instagram Video Downloader
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-33509 CRITICAL POC Act Now

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Via Go2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33508 CRITICAL POC Act Now

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Via Go2 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-33487 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-33486 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-3004 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Chat System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Chat System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3003 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Train Station Ticketing System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Train Station Ticketing System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28347 CRITICAL POC Act Now

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Microsoft Insight
NVD
CVSS 3.1
9.6
EPSS
2.8%
CVE-2023-2909 CRITICAL Act Now

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Adm
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-2987 CRITICAL PATCH Act Now

The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation WordPress Wordapp
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-33967 CRITICAL PATCH Act Now

EaseProbe is a tool that can do health/status checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PostgreSQL SQLi Easeprobe
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33966 CRITICAL PATCH Act Now

Deno is a runtime for JavaScript and TypeScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deno Deno Runtime
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3015 CRITICAL Act Now

A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Vip Video Analysis
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34218 CRITICAL Act Now

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3008 CRITICAL Act Now

A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3007 CRITICAL Act Now

A vulnerability was found in ningzichun Student Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Student Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25539 CRITICAL Act Now

Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Command Injection Dell Networker
NVD
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy