Skip to main content
CVE-2023-34832 CRITICAL POC Act Now

TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Buffer Overflow Archer Ax10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-34659 CRITICAL POC THREAT Act Now

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
12.5%
CVE-2023-34548 CRITICAL POC Act Now

Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-35708 CRITICAL POC PATCH THREAT Act Now

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass SQLi Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
96.7%
CVE-2023-35784 CRITICAL PATCH Act Now

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Libressl Openbsd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25366 CRITICAL Act Now

In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sds 1104X E Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-35782 CRITICAL PATCH Act Now

The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Ipandlanguageredirect
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-32754 CRITICAL Act Now

Thinking Software Efence login function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Efence
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32753 CRITICAL Act Now

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-32752 CRITICAL Act Now

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Instantqos Instantscan
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy