Skip to main content
CVE-2023-44974 CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
19.1%
CVE-2023-44973 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33273 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-33272 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-33271 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-33270 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-33269 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-33268 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-5350 CRITICAL POC PATCH Act Now

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2023-39647 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Theme Volty Cms Category Product
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39651 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Theme Volty Cms Brandlist
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39649 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Theme Volty Cms Category Slider
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39648 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Theme Volty Cms Testimonial
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39646 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Theme Volty Cms Category Chain Slider
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39645 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Cms Payment Icon
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-40830 CRITICAL Act Now

Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3654 CRITICAL Act Now

cashIT!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cashit
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-3656 CRITICAL Act Now

cashIT!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Cashit
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33028 CRITICAL Act Now

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware +172
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-24855 CRITICAL Act Now

Memory corruption in Modem while processing security related configuration before AS Security Exchange. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Microsoft Ar8035 Firmware Fastconnect 6200 Firmware +59
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-22385 CRITICAL Act Now

Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +235
NVD
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy