Skip to main content
CVE-2023-37771 CRITICAL POC Act Now

Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-34635 CRITICAL POC Act Now

Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Unibox Administration
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-35861 CRITICAL POC Act Now

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection H12Dst B Firmware X13Dai T Firmware X13Ddw A Firmware X13Deg Oa Firmware +161
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-34842 CRITICAL Act Now

Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Dedecms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37647 CRITICAL Act Now

SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Semcms
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39122 CRITICAL Act Now

BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Control M
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-36092 CRITICAL Act Now

Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 859 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-36091 CRITICAL Act Now

Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 895L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-36090 CRITICAL Act Now

Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 885L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-36089 CRITICAL Act Now

Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 645 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-34644 CRITICAL PATCH Act Now

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Rg Ew1200R Firmware Rg Ew300 Firmware Rg Ew3200Gx Firmware +62
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-4006 CRITICAL PATCH Act Now

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4005 CRITICAL PATCH Act Now

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fossbilling
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy