Skip to main content
CVE-2023-43141 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3700r Firmware N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43457 CRITICAL POC Act Now

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Service Provider Management System
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-4521 CRITICAL POC THREAT Act Now

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Import Xml And Rss Feeds
NVD WPScan
CVSS 3.1
9.8
EPSS
39.3%
CVE-2023-4490 CRITICAL POC Act Now

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Job Portal
NVD WPScan
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-40163 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-39453 CRITICAL POC Act Now

A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-35002 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-32614 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32284 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43131 CRITICAL POC Act Now

General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow General Device Manager
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-41419 CRITICAL POC PATCH Act Now

An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Gevent
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-43644 CRITICAL PATCH Act Now

Sing-box is an open source proxy system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sing Box
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39640 CRITICAL PATCH Act Now

UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Cookie Law
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0626 CRITICAL Act Now

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Docker Docker Desktop
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0625 CRITICAL Act Now

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Docker Docker Desktop
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-41297 CRITICAL Act Now

Vulnerability of defects introduced in the design process in the HiviewTunner module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-41294 CRITICAL Act Now

The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-41296 CRITICAL Act Now

Vulnerability of missing authorization in the kernel module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-39407 CRITICAL Act Now

The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy