Skip to main content
CVE-2023-46482 CRITICAL POC Act Now

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Wuzhicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1719 CRITICAL POC Act Now

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Bitrix24
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2023-1717 CRITICAL POC Act Now

Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitrix24
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2023-1716 CRITICAL POC Act Now

Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bitrix24
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2023-20048 CRITICAL Act Now

A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Secure Firewall Management Center
NVD
CVSS 3.1
9.9
EPSS
15.8%
CVE-2023-44025 CRITICAL Act Now

SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP SQLi Free Gifts
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-39281 CRITICAL Act Now

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Insydeh2o
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-5766 CRITICAL Act Now

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Remote Desktop Manager
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5765 CRITICAL Act Now

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Manager
NVD
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy