Skip to main content
CVE-2023-3460 CRITICAL POC THREAT Act Now

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Ultimate Member
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
72.3%
CVE-2023-3504 CRITICAL Act Now

A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Smartweb Infotech Job Board
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-21631 CRITICAL Act Now

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5G Firmware 9205 Firmware Apq8017 Firmware Apq8037 Firmware +151
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-30990 CRITICAL PATCH Act Now

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM
NVD
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy