Skip to main content
CVE-2023-6188 CRITICAL POC Act Now

A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Getsimplecms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-44353 CRITICAL POC THREAT Act Now

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization Coldfusion
NVD
CVSS 3.1
9.8
EPSS
80.2%
CVE-2023-48031 CRITICAL POC Act Now

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Opensupports
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-48078 CRITICAL POC Act Now

SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Crud Functionality
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-48659 CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.176. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48658 CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.176. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48657 CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.176. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48656 CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.176. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48655 CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.176. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44351 CRITICAL Act Now

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization Coldfusion
NVD
CVSS 3.1
9.8
EPSS
50.2%
CVE-2023-44350 CRITICAL Act Now

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization Coldfusion
NVD
CVSS 3.1
9.8
EPSS
64.6%
CVE-2023-44324 CRITICAL Act Now

Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Framemaker Publishing Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-41101 CRITICAL PATCH Act Now

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Opennds
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-38316 CRITICAL PATCH Act Now

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Captive Portal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-48648 CRITICAL PATCH Act Now

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Concrete Cms
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45387 CRITICAL PATCH Act Now

In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Exportproducts
NVD
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy