Skip to main content
CVE-2023-33532 CRITICAL POC THREAT Emergency

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%.

Command Injection Netgear R6250 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
19.4%
Threat
4.0
CVE-2023-31569 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-34111 CRITICAL POC Act Now

The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Grafana
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2023-34409 CRITICAL Act Now

In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Monitoring And Management
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-29632 CRITICAL PATCH Act Now

PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Jmspagebuilder
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32628 CRITICAL Act Now

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Webaccess Scada
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32540 CRITICAL Act Now

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Webaccess Scada
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy