Skip to main content
CVE-2023-5204 CRITICAL POC PATCH THREAT Act Now

The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.0%.

SQLi WordPress Wpbot
NVD VulDB
CVSS 3.1
9.8
EPSS
87.0%
Threat
6.1
CVE-2023-30131 CRITICAL POC Act Now

An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Easyinstall
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45376 CRITICAL POC Act Now

In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Carousels Pack
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43492 CRITICAL POC Act Now

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Cmt Fhd Firmware Cmt Hdm Firmware Cmt3071 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46042 CRITICAL POC THREAT Act Now

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Getsimplecms
NVD GitHub
CVSS 3.1
9.8
EPSS
22.6%
CVE-2022-37830 CRITICAL POC Act Now

Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webjet Cms
NVD VulDB
CVSS 3.1
9.6
EPSS
0.7%
CVE-2023-45992 CRITICAL POC Act Now

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Ruckus Cloudpath Enrollment System
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.6%
CVE-2023-45278 CRITICAL POC PATCH Act Now

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Yamcs
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2023-5241 CRITICAL PATCH Act Now

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal WordPress PHP Wpbot
NVD VulDB
CVSS 3.1
9.6
EPSS
2.4%
CVE-2023-45379 CRITICAL Act Now

In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Posrotatorimg
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-38584 CRITICAL Act Now

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Cmt Fhd Firmware Cmt Hdm Firmware Cmt3071 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-45381 CRITICAL Act Now

In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup().`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Creativepopup
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-43986 CRITICAL Act Now

DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Configurator
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-35187 CRITICAL Act Now

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Access Rights Manager
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2023-35184 CRITICAL Act Now

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-35182 CRITICAL Act Now

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-45384 CRITICAL Act Now

KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Supercheckout
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37503 CRITICAL Act Now

HCL Compass is vulnerable to insecure password requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Hcl Compass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-5212 CRITICAL PATCH Act Now

The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Wpbot
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-41897 CRITICAL Act Now

Home assistant is an open source home automation. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Home Assistant
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2023-41895 CRITICAL Act Now

Home assistant is an open source home automation. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Home Assistant
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2023-41896 CRITICAL Act Now

Home assistant is an open source home automation. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js XSS Home Assistant Home Assistant Js Websocket
NVD GitHub
CVSS 3.1
9.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy