Skip to main content
CVE-2023-34362 CRITICAL POC KEV THREAT Emergency

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft SQLi Moveit Cloud Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2023-33762 CRITICAL POC Act Now

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simpleredak
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33675 CRITICAL POC Act Now

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-33673 CRITICAL POC Act Now

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33671 CRITICAL POC Act Now

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33670 CRITICAL POC Act Now

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33669 CRITICAL POC Act Now

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-3069 CRITICAL POC PATCH Act Now

Unverified Password Change in GitHub repository tsolucio/corebos prior to 8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Corebos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3068 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Retro Cellphone Online Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30149 CRITICAL POC THREAT Act Now

SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi City Autocomplete
NVD
CVSS 3.1
9.8
EPSS
18.2%
CVE-2023-3062 CRITICAL POC Act Now

A vulnerability was found in code-projects Agro-School Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Agro School Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3061 CRITICAL POC Act Now

A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical.php of the component Attachment Image Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Agro School Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33476 CRITICAL POC PATCH Act Now

ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Readymedia
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-3059 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Exam Form Submission
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3057 CRITICAL POC Act Now

A vulnerability was found in YFCMF up to 3.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Yfcmf Tp6
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-3056 CRITICAL POC Act Now

A vulnerability was found in YFCMF up to 3.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Yfcmf Tp6
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29746 CRITICAL POC Act Now

An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google The Thaiger
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-3000 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-30604 CRITICAL Act Now

It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Coda 5310 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-30603 CRITICAL Act Now

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coda 5310 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28701 CRITICAL Act Now

ELITE TECHNOLOGY CORP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webfax
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28698 CRITICAL Act Now

Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fantsy
NVD
CVSS 3.1
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy