Skip to main content
CVE-2023-6765 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-6756 CRITICAL POC Act Now

A vulnerability was found in Thecosy IceCMS 2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-6771 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Simple Student Attendance System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-46727 CRITICAL PATCH Act Now

GLPI is a free asset and IT management software package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
67.1%
CVE-2023-46726 CRITICAL PATCH Act Now

GLPI is a free asset and IT management software package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-49363 CRITICAL Act Now

Rockoa <2.3.3 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Rockoa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-42495 CRITICAL Act Now

Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection W Web
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-6723 CRITICAL Act Now

An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Repox
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-47577 CRITICAL Act Now

An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy