Skip to main content
CVE-2023-46747 CRITICAL POC KEV EUVD KEV THREAT Emergency

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Carrier Grade Nat +16
NVD
CVSS 3.1
9.8
EPSS
96.5%
CVE-2023-43208 CRITICAL POC KEV THREAT Emergency

NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Mirth Connect
NVD
CVSS 3.1
9.8
EPSS
82.7%
CVE-2023-5805 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Real Estate Portal System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Real Estate Portal System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-42406 CRITICAL POC Act Now

SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link PHP SQLi Dar 7000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-5804 CRITICAL POC Act Now

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nipah Virus Testing Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-44267 CRITICAL POC Act Now

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Art Gallery
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5794 CRITICAL POC Act Now

A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Catering Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46435 CRITICAL POC Act Now

Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Packers And Movers Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5792 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sticky Notes App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5790 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP File Manager App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5784 CRITICAL POC Act Now

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5782 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5781 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5780 CRITICAL POC Act Now

A vulnerability classified as critical was found in Tongda OA 2017 11.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45869 CRITICAL POC Act Now

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ilias
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2023-46665 CRITICAL Act Now

Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39726 CRITICAL Act Now

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mintty
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-5754 CRITICAL Act Now

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-46661 CRITICAL Act Now

Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0897 CRITICAL Act Now

Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-42769 CRITICAL Act Now

The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Analog Fm Transmitter Exc5000Gx Firmware Analog Fm Transmitter Exc120Gx Firmware Analog Fm Transmitter Exc300Gx Firmware Analog Fm Transmitter Exc1600Gx Firmware +11
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46664 CRITICAL Act Now

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-41095 CRITICAL Act Now

Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openthread Sdk
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2023-46668 CRITICAL Act Now

If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Endpoint
NVD
CVSS 3.1
9.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy