Skip to main content
CVE-2023-34575 CRITICAL POC Act Now

SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Op Art Save Cart
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-38888 CRITICAL POC PATCH Act Now

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Dolibarr Erp Crm
NVD VulDB
CVSS 3.1
9.6
EPSS
1.2%
CVE-2023-43135 CRITICAL POC Act Now

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Er5120G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-39675 CRITICAL POC Act Now

SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Product Catalog Csv Excel Import
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36109 CRITICAL POC Act Now

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Jerryscript
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-43134 CRITICAL POC Act Now

There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 360R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43374 CRITICAL POC Act Now

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hoteldruid
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-43373 CRITICAL POC Act Now

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hoteldruid
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-43371 CRITICAL POC Act Now

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hoteldruid
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-5074 CRITICAL POC THREAT Act Now

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass D View 8
NVD
CVSS 3.1
9.8
EPSS
67.9%
CVE-2023-43478 CRITICAL POC THREAT Act Now

fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Arcadyan Lh1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
17.4%
CVE-2023-43207 CRITICAL POC Act Now

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dwl 6610Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-43206 CRITICAL POC Act Now

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dwl 6610Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-43204 CRITICAL POC Act Now

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dwl 6610Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-43203 CRITICAL POC Act Now

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dwl 6610Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43202 CRITICAL POC Act Now

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dwl 6610Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-43201 CRITICAL POC Act Now

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-43200 CRITICAL POC Act Now

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43199 CRITICAL POC Act Now

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43198 CRITICAL POC Act Now

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43197 CRITICAL POC Act Now

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43196 CRITICAL POC Act Now

D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42322 CRITICAL Act Now

Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Icms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43375 CRITICAL Act Now

Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Hoteldruid
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-40619 CRITICAL Act Now

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Deserialization Phppgadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2262 CRITICAL Act Now

A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Rockwell RCE 1756 En2T Series A Firmware +32
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-42464 CRITICAL PATCH Act Now

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Netatalk Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-31009 CRITICAL Act Now

NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Denial Of Service Dgx H100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-25534 CRITICAL Act Now

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Denial Of Service Dgx H100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-25533 CRITICAL Act Now

NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Dgx H100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-25531 CRITICAL Act Now

NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Denial Of Service Dgx H100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-25530 CRITICAL Act Now

NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Information Disclosure Denial Of Service Dgx H100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-25528 CRITICAL Act Now

NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Buffer Overflow Denial Of Service RCE Stack Overflow +2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-22644 CRITICAL PATCH Act Now

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Manager Server
NVD GitHub
CVSS 4.0
9.4
EPSS
0.5%
CVE-2023-0462 CRITICAL Act Now

An arbitrary code execution flaw was found in Foreman. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Foreman Satellite
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-0118 CRITICAL Act Now

An arbitrary code execution flaw was found in Foreman. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Foreman Satellite
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2023-0829 CRITICAL Act Now

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plesk
NVD
CVSS 3.1
9.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy