Skip to main content
CVE-2023-41262 CRITICAL POC Act Now

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Scrutinizer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5046 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Procost
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-5045 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kayisi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-23737 CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Broken Link Checker
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5554 CRITICAL Act Now

Lack of TLS certificate verification in log transmission of a financial module within LINE client for iOS prior to 13.16.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Line
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-40833 CRITICAL Act Now

An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29453 CRITICAL Act Now

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Google Zabbix Agent2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45138 CRITICAL PATCH Act Now

Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Change Request
NVD GitHub
CVSS 3.1
9.6
EPSS
71.2%
CVE-2023-32723 CRITICAL Act Now

Request to LDAP is sent before user permissions are checked. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy