Skip to main content
CVE-2023-6553 CRITICAL POC PATCH THREAT Act Now

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.3%.

RCE PHP Code Injection WordPress Backup Migration
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.3%
Threat
6.3
CVE-2023-50917 CRITICAL POC PATCH THREAT Act Now

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

PHP Command Injection Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
38.3%
CVE-2023-50469 CRITICAL POC Act Now

Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lbt T300 T310 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.9%
CVE-2023-50089 CRITICAL POC Act Now

A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Wnr2000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2023-48050 CRITICAL POC Act Now

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Zkteco Essl Cams Biometrics Integration Module Biometric Attendance
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40954 CRITICAL POC PATCH Act Now

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Dynamic Progress Bar
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48049 CRITICAL POC Act Now

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Website Blog Search
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-50918 CRITICAL PATCH Act Now

app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33222 CRITICAL Act Now

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-33221 CRITICAL Act Now

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sigma Lite Firmware Sigma Extreme Firmware Sigma Wide Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33220 CRITICAL Act Now

During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33219 CRITICAL Act Now

The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33218 CRITICAL Act Now

The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-48392 CRITICAL Act Now

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webitr Attendance System
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-48390 CRITICAL Act Now

Multisuns EasyLog web+ has a code injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Easylog Web Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-48388 CRITICAL Act Now

Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easylog Web Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48384 CRITICAL Act Now

ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Spamtrap
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-46279 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Dubbo
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-29234 CRITICAL PATCH Act Now

A deserialization vulnerability existed when decode a malicious package.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Dubbo
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2023-48376 CRITICAL Act Now

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cws Collaborative Development Platform
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-48372 CRITICAL Act Now

ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-48371 CRITICAL Act Now

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-4020 CRITICAL Act Now

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy