Skip to main content
CVE-2023-41442 CRITICAL POC Act Now

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Tor Loco Min Tor Equip Gateway Tor Shield +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-5245 CRITICAL POC PATCH Act Now

FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Mleap
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-47445 CRITICAL POC Act Now

Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pre School Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-48365 CRITICAL KEV THREAT Act Now

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Request Smuggling Microsoft Qlik Sense
NVD
CVSS 3.1
9.9
EPSS
24.7%
CVE-2023-47308 CRITICAL PATCH Act Now

In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Newsletterpop
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43979 CRITICAL PATCH Act Now

ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Ybc Blog
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39335 CRITICAL Act Now

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-48224 CRITICAL PATCH Act Now

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fides
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-47678 CRITICAL Act Now

An improper access control vulnerability exists in RT-AC87U all versions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rt Ac87U Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-39337 CRITICAL Act Now

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Manager Mobile
NVD
CVSS 3.1
9.1
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy