Skip to main content
CVE-2023-29357 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft SharePoint Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Sharepoint Server
NVD GitHub
CVSS 3.1
9.8
EPSS
99.6%
CVE-2023-34752 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD VulDB
CVSS 3.1
9.8
EPSS
5.5%
CVE-2023-30150 CRITICAL POC Act Now

PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Leocustomajax
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-34095 CRITICAL POC PATCH Act Now

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Cpdb Libs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-25367 CRITICAL POC Act Now

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Sds1204X E Firmware Sds1104X E Firmware Sds1074X E Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-34540 CRITICAL POC PATCH Act Now

Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Atlassian Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-34865 CRITICAL POC Act Now

Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ujcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-34756 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34755 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34754 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2023-34753 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34751 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34750 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-34747 CRITICAL POC THREAT Act Now

File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ujcms
NVD GitHub
CVSS 3.1
9.8
EPSS
20.0%
CVE-2023-3238 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62.php?mudi=getSignal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Otcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3237 CRITICAL POC Act Now

A vulnerability classified as critical was found in OTCMS up to 6.62. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Otcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3234 CRITICAL POC Act Now

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Crmeb
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-3232 CRITICAL POC Act Now

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Crmeb
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-31746 CRITICAL Act Now

There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vw2100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-1329 CRITICAL Act Now

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Color Laserjet Enterprise Mfp M577 B5L46A Firmware Color Laserjet Enterprise Mfp M577 B5L47A Firmware Color Laserjet Enterprise Mfp M577 B5L48A Firmware Color Laserjet Enterprise Mfp M577 B5L54A Firmware +950
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-31671 CRITICAL PATCH Act Now

PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Postfinance
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32015 CRITICAL PATCH Act Now

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-32014 CRITICAL PATCH Act Now

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-29363 CRITICAL PATCH Act Now

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +11
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-34101 CRITICAL PATCH Act Now

Contiki-NG is an operating system for internet of things devices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy