Skip to main content
CVE-2023-46990 CRITICAL POC Act Now

Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Publiccms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-5652 CRITICAL POC THREAT Act Now

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress SQLi Wp Hotel Booking
NVD WPScan
CVSS 3.1
9.8
EPSS
63.7%
CVE-2023-5640 CRITICAL POC Act Now

The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Article Analytics
NVD WPScan
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-5340 CRITICAL POC Act Now

The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Five Star Restaurant Menu
NVD WPScan
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46302 CRITICAL POC PATCH Act Now

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Apache Deserialization Submarine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-48176 CRITICAL Act Now

An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Websiteguide
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-38823 CRITICAL Act Now

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Tenda Ac6 Firmware Ac9 Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-38880 CRITICAL Act Now

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-35762 CRITICAL Act Now

Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Me Rtu Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-29155 CRITICAL Act Now

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Me Rtu Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46700 CRITICAL Act Now

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Luxcal Web Calendar
NVD
CVSS 3.1
9.8
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy