Skip to main content
CVE-2023-48188 CRITICAL POC Act Now

SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Op Art Devis
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-49044 CRITICAL POC Act Now

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Tenda Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-6329 CRITICAL POC THREAT Act Now

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Idsecure
NVD
CVSS 3.1
9.8
EPSS
65.2%
CVE-2023-5974 CRITICAL POC Act Now

The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Wpb Show Core
NVD WPScan
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-5604 CRITICAL POC Act Now

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection WordPress PHP Asgaros Forum
NVD WPScan
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-4922 CRITICAL POC THREAT Act Now

The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wpb Show Core
NVD WPScan
CVSS 3.1
9.8
EPSS
15.7%
CVE-2023-49042 CRITICAL POC Act Now

Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Tenda Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-49040 CRITICAL POC Act Now

An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-42000 CRITICAL POC Act Now

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Udp
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-41999 CRITICAL POC Act Now

An authentication bypass exists in Arcserve UDP prior to version 9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-41998 CRITICAL POC THREAT Act Now

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Udp
NVD
CVSS 3.1
9.8
EPSS
15.3%
CVE-2023-49046 CRITICAL POC Act Now

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Tenda Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-49043 CRITICAL POC THREAT Act Now

Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Tenda Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.2%
CVE-2023-6309 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Mosesdecoder
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-6306 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Free And Open Source Inventory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6305 CRITICAL POC PATCH Act Now

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Free And Open Source Inventory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5559 CRITICAL POC Act Now

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service WordPress 10web Booster
NVD WPScan
CVSS 3.1
9.1
EPSS
2.8%
CVE-2023-46480 CRITICAL Act Now

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Owncast
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-46349 CRITICAL PATCH Act Now

In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Updateproducts
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-4590 CRITICAL Act Now

Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Frhed
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-6307 CRITICAL Act Now

A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jimureport
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy