Skip to main content
CVE-2023-3277 CRITICAL POC THREAT Emergency

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%.

Apple WordPress Privilege Escalation Mstore Api
NVD VulDB
CVSS 3.1
9.8
EPSS
38.2%
Threat
4.6
CVE-2023-46404 CRITICAL POC PATCH Act Now

PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Pcrs
NVD GitHub
CVSS 3.1
9.9
EPSS
1.9%
CVE-2023-46980 CRITICAL POC Act Now

An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-3961 CRITICAL POC Act Now

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Samba Storage Enterprise Linux +2
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-46817 CRITICAL POC Act Now

An issue was discovered in phpFox before 4.8.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Phpfox
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-38965 CRITICAL POC Act Now

Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Lost And Found Information System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-46954 CRITICAL POC Act Now

SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Relativityone
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25960 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop - Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zendrop
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-36529 CRITICAL Act Now

A vulnerability in Favethemes Houzez CRM houzez-crm.3.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2023-23369 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Multimedia Console Media Streaming Add On
NVD
CVSS 3.1
9.8
EPSS
14.4%
CVE-2023-23368 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero Qutscloud
NVD
CVSS 3.1
9.8
EPSS
18.7%
CVE-2023-4591 CRITICAL Act Now

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Wpn Xm
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5763 CRITICAL PATCH Act Now

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Glassfish
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-41355 CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nokia G 040W Q Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41351 CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Authentication Bypass G 040W Q Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43982 CRITICAL Act Now

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Socialfeed Photos Video Using Instagram Api
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41350 CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Authentication Bypass G 040W Q Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36621 CRITICAL Act Now

An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Boomerang
NVD
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy