Skip to main content
CVE-2023-39004 CRITICAL POC Act Now

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Opnsense
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37068 CRITICAL POC Act Now

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Gym Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-39008 CRITICAL POC PATCH Act Now

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Opnsense
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2023-39001 CRITICAL POC PATCH Act Now

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Command Injection Opnsense
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2023-39007 CRITICAL POC PATCH Act Now

/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Opnsense
NVD GitHub
CVSS 3.1
9.6
EPSS
2.3%
CVE-2023-33468 CRITICAL POC Act Now

KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Via Go2 Firmware Via Connect2 Firmware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-33241 CRITICAL POC Act Now

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Gg18 Gg20
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-3632 CRITICAL Act Now

Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kunduz
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-39969 CRITICAL PATCH Act Now

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Uthenticode
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-34545 CRITICAL Act Now

A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cszcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-26310 CRITICAL Act Now

There is a command injection problem in the old version of the mobile phone backup app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Coloros
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33934 CRITICAL Act Now

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.2.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling Traffic Server
NVD
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy