Skip to main content
CVE-2023-2982 CRITICAL POC THREAT Emergency

The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.1%.

Google WordPress Authentication Bypass Wordpress Social Login And Register Discord Google Twitter Linkedin
NVD VulDB
CVSS 3.1
9.8
EPSS
70.1%
Threat
5.6
CVE-2023-26616 CRITICAL POC Act Now

D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-26613 CRITICAL POC THREAT Act Now

An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
31.4%
CVE-2023-26612 CRITICAL POC Act Now

D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-34849 CRITICAL POC Act Now

An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ikuaios
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-34844 CRITICAL POC Act Now

Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docker Play With Docker
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34598 CRITICAL POC THREAT Act Now

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gibbon
NVD GitHub
CVSS 3.1
9.8
EPSS
47.2%
CVE-2023-3458 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Shopping Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3457 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Shopping Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34735 CRITICAL POC Act Now

Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Property Cloud Platform Management Center
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-34487 CRITICAL POC Act Now

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34738 CRITICAL POC Act Now

Chemex through 3.7.1 is vulnerable to arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chemex
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33190 CRITICAL PATCH Act Now

Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Kubernetes Authentication Bypass Sealos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36487 CRITICAL Act Now

The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ilias
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-35830 CRITICAL Act Now

STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Tcg 4 Firmware Tcg 4Lite Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy