Skip to main content
CVE-2023-22518 CRITICAL POC KEV THREAT Emergency

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-5360 CRITICAL POC THREAT Emergency

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Royal Elementor Addons
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
81.7%
CVE-2023-46485 CRITICAL POC Act Now

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection X6000r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46484 CRITICAL POC Act Now

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection X6000r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46256 CRITICAL POC Act Now

PX4-Autopilot provides PX4 flight control solution for drones. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-46993 CRITICAL POC Act Now

In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-46979 CRITICAL POC Act Now

TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X6000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-46977 CRITICAL POC Act Now

TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lr1200Gb Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.7%
CVE-2023-46976 CRITICAL POC Act Now

TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-46356 CRITICAL POC Act Now

In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Csv Feeds Pro
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5865 CRITICAL POC PATCH Act Now

Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-42425 CRITICAL Act Now

An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Edge Evc5Fd Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-36263 CRITICAL PATCH Act Now

Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Op Art Limit Quantity
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-46249 CRITICAL PATCH Act Now

authentik is an open-source Identity Provider. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43139 CRITICAL Act Now

An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE Command Injection Franfinance
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-47174 CRITICAL Act Now

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization Sftp Gateway Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-45378 CRITICAL PATCH Act Now

In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Prestablog
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-27846 CRITICAL PATCH Act Now

SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Theme Volty Cms Blog
NVD
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy