Skip to main content
CVE-2023-41630 CRITICAL POC Act Now

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Esst Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45952 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Lylme Spage
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45951 CRITICAL POC Act Now

lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lylme Spage
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27133 CRITICAL POC Act Now

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tsplus Remote Work
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27132 CRITICAL POC Act Now

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tsplus Remote Work
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44694 CRITICAL POC Act Now

D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP SQLi Dar 7000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-44693 CRITICAL POC THREAT Act Now

D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP SQLi Dar 7000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.3%
CVE-2023-45386 CRITICAL POC Act Now

In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Product Extra Tabs Pro
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-22089 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-22072 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-22069 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy