Skip to main content
CVE-2023-34132 CRITICAL POC Emergency

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sonicwall Analytics Global Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
7.4%
CVE-2023-34124 CRITICAL POC THREAT Emergency

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sonicwall Analytics Global Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
43.7%
CVE-2023-3342 CRITICAL POC PATCH Act Now

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE WordPress File Upload User Registration
NVD VulDB
CVSS 3.1
9.9
EPSS
6.4%
CVE-2023-37839 CRITICAL POC Act Now

An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30151 CRITICAL POC Act Now

A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Envoimoinscher
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-31704 CRITICAL POC Act Now

Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Computer And Laptop Store
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1547 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Parkmatik
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-35070 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2957 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Florist Site
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-37267 CRITICAL PATCH Act Now

Umbraco is a ASP.NET CMS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Umbraco Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3661 CRITICAL Act Now

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Ac Repair And Services System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-2003 CRITICAL Act Now

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vision1210 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3658 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Ac Repair And Services System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-25178 CRITICAL Act Now

Controller may be loaded with malicious firmware which could enable remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Honeywell C300 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-3657 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0.php?f=save_book of the component HTTP POST Request Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Ac Repair And Services System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-38199 CRITICAL PATCH Act Now

coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Authentication Bypass Coreruleset
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38198 CRITICAL Act Now

acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Acme Sh
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34137 CRITICAL Act Now

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability.3.2-SP1 and earlier versions;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sonicwall Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-34136 CRITICAL Act Now

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker.3.2-SP1 and earlier versions; Analytics:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Sonicwall Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37567 CRITICAL Act Now

Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wrc 1167Ghbk3 A Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-34130 CRITICAL Act Now

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-34128 CRITICAL Act Now

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Sonicwall Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-21250 CRITICAL PATCH Act Now

In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-20918 CRITICAL PATCH Act Now

In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Android
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37278 CRITICAL PATCH Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy