Skip to main content
CVE-2023-40920 CRITICAL POC Act Now

Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Prixanconnect
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43269 CRITICAL Act Now

pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pigcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-44024 CRITICAL PATCH Act Now

SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP SQLi One Page Checkout Social Login Mailchimp
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43983 CRITICAL PATCH Act Now

Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Attribute Grid
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-43981 CRITICAL PATCH Act Now

Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization Test Site Creator
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32485 CRITICAL PATCH Act Now

Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Dell Smartfabric Storage Software
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5423 CRITICAL Act Now

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Pizza Ordering System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-2306 CRITICAL Act Now

Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nicevision
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy