Skip to main content
CVE-2023-43130 CRITICAL POC Act Now

D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-43129 CRITICAL POC Act Now

D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-43270 CRITICAL POC Act Now

dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dst Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-43144 CRITICAL POC Act Now

Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Asset Management System Project In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31719 CRITICAL POC THREAT Act Now

FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fuxa
NVD GitHub
CVSS 3.1
9.8
EPSS
27.4%
CVE-2023-40989 CRITICAL PATCH Act Now

SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Jeecg Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-43762 CRITICAL Act Now

Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE F Secure Policy Manager Policy Manager Proxy
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-23364 CRITICAL Act Now

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Multimedia Console
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23363 CRITICAL Act Now

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42798 CRITICAL PATCH Act Now

AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Automataci
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy