Skip to main content
CVE-2023-41887 CRITICAL POC PATCH THREAT Act Now

OpenRefine is a powerful free, open source tool for working with messy data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE SQLi Openrefine
NVD GitHub
CVSS 3.1
9.8
EPSS
45.5%
CVE-2023-38507 CRITICAL POC PATCH Act Now

Strapi is the an open-source headless content management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Strapi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42398 CRITICAL POC Act Now

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF PHP Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-4974 CRITICAL POC Act Now

A vulnerability was found in Academy LMS 6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Academy Lms
NVD VulDB
CVSS 3.1
9.8
EPSS
4.9%
CVE-2023-39643 CRITICAL POC Act Now

Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xmlfeeds Pro
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39642 CRITICAL POC Act Now

Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cartsguru
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39641 CRITICAL POC Act Now

Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Full Affiliates
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39639 CRITICAL POC Act Now

LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Leoblog
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4662 CRITICAL Act Now

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Connect
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4661 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Connect
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-4835 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Petroleum Management Software Application
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4833 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection.0.2309.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Besttem Network Marketing
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4670 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Innosa Probbys
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4231 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection.09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Informatics Online Payment System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4830 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Signalix
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4673 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Turasistan
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-0923 CRITICAL Act Now

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Openshift Data Science
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28614 CRITICAL Act Now

Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Smart Trade
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-4988 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Laiketui
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4831 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ncode Ncep
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-36659 CRITICAL Act Now

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Metadefender Kiosk
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36657 CRITICAL Act Now

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Metadefender Kiosk
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-36735 CRITICAL PATCH Act Now

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
9.6
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy