Skip to main content
CVE-2023-47261 CRITICAL POC Act Now

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Enterprise Content Management
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-50563 CRITICAL POC Act Now

Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-50073 CRITICAL POC Act Now

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Empirecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-48084 CRITICAL POC THREAT Act Now

Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
33.7%
CVE-2023-44709 CRITICAL POC Act Now

PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Plutosvg
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-31546 CRITICAL POC THREAT Act Now

Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Dedebiz
NVD GitHub
CVSS 3.1
9.6
EPSS
49.4%
CVE-2023-45894 CRITICAL Act Now

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Remote Application Server
NVD GitHub
CVSS 3.1
10.0
EPSS
1.2%
CVE-2023-4489 CRITICAL Act Now

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Z Ip Gateway Sdk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-46141 CRITICAL Act Now

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Automationworx Software Suite Axc 1050 Firmware Axc 1050 Xc Firmware Axc 3050 Firmware +14
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0757 CRITICAL Act Now

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Multiprog Proconos Eclr
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49708 CRITICAL Act Now

SQLi vulnerability in Starshop component for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Starshop
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49707 CRITICAL Act Now

SQLi vulnerability in S5 Register module for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi S5 Register
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-48925 CRITICAL PATCH Act Now

SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Bavideotab
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-46348 CRITICAL PATCH Act Now

SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sturls
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40630 CRITICAL Act Now

Unauthenticated LFI/SSRF in JCDashboards component for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Jcdashboard
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40629 CRITICAL Act Now

SQLi vulnerability in LMS Lite component for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Lms King Lite
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-48085 CRITICAL Act Now

Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
75.8%
CVE-2023-49937 CRITICAL Act Now

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Slurm
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-49934 CRITICAL Act Now

An issue was discovered in SchedMD Slurm 23.11.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Slurm
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40921 CRITICAL PATCH Act Now

SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Soliberte
NVD
CVSS 3.1
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy