Skip to main content
CVE-2023-42405 CRITICAL POC Act Now

SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Rackshift
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-39638 CRITICAL POC Act Now

D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 859 A1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2023-38912 CRITICAL POC Act Now

SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Php Script
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-37756 CRITICAL POC Act Now

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force I Doit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37755 CRITICAL POC Act Now

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass I Doit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-41011 CRITICAL POC Act Now

Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Intelligent Home Gateway Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-4972 CRITICAL Act Now

Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Yepas
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-4766 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Movus
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4832 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Company Management
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4669 CRITICAL Act Now

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.2.20.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sysguard 3001 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4702 CRITICAL Act Now

Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Digital Yepas
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-30909 CRITICAL Act Now

A remote authentication bypass issue exists in some OneView APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38204 CRITICAL Act Now

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization Coldfusion
NVD
CVSS 3.1
9.8
EPSS
65.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy