Skip to main content
CVE-2023-34960 CRITICAL POC THREAT Emergency

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 99.4%.

Command Injection Chamilo
NVD
CVSS 3.1
9.8
EPSS
99.4%
Threat
6.4
CVE-2023-36210 CRITICAL POC THREAT Act Now

MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Motocms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
28.6%
CVE-2023-37478 CRITICAL POC PATCH Act Now

pnpm is a package manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Authentication Bypass Pnpm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33562 CRITICAL Act Now

User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Time Slots Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-33561 CRITICAL Act Now

Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Time Slots Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33493 CRITICAL Act Now

An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ajaxmanager
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4058 CRITICAL Act Now

Memory safety bugs present in Firefox 115. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4057 CRITICAL Act Now

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4056 CRITICAL Act Now

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +1
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-31710 CRITICAL Act Now

TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow TP-Link Archer Ax21 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy