Skip to main content
CVE-2023-3047 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
8.8%
CVE-2023-31541 CRITICAL POC Act Now

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ckeditor
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-3049 CRITICAL POC Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-2278 CRITICAL POC PATCH Act Now

The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress PHP RCE Information Disclosure Path Traversal +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3048 CRITICAL POC Act Now

Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-3050 CRITICAL POC Act Now

Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-29562 CRITICAL POC Act Now

TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wpa7510 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27836 CRITICAL POC Act Now

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa8630P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-3224 CRITICAL POC PATCH THREAT Act Now

Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Nuxt
NVD GitHub
CVSS 3.1
9.8
EPSS
58.6%
CVE-2023-27837 CRITICAL POC Act Now

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa8630P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-34944 CRITICAL PATCH Act Now

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Chamilo Lms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-35064 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-34249 CRITICAL PATCH Act Now

benjjvi/PyBB is an open source bulletin board. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Pybb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-2807 CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pandora Fms
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-30766 CRITICAL Act Now

Hidden functionality issue exists in KB-AHR series and KB-IRIP series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Kb Ahr04D Firmware Kb Ahr08D Firmware Kb Ahr16D Firmware Kb Irip04A Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-30764 CRITICAL Act Now

OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Kb Ahr04D Firmware Kb Ahr08D Firmware Kb Ahr16D Firmware Kb Irip04A Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-30762 CRITICAL Act Now

Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Kb Ahr04D Firmware Kb Ahr08D Firmware Kb Ahr16D Firmware +3
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29129 CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Saml
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27997 CRITICAL KEV EUVD KEV THREAT Act Now

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Fortinet Heap Overflow Fortiproxy +1
NVD
CVSS 3.1
9.8
EPSS
85.7%
CVE-2023-26204 CRITICAL Act Now

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortisiem
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-24470 CRITICAL Act Now

Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Arcsight Logger
NVD
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy