Skip to main content
CVE-2023-6272 CRITICAL POC Act Now

The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress 2Fa
NVD WPScan
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-6906 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A7100Ru Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-50976 CRITICAL POC PATCH Act Now

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Redpanda
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-6907 CRITICAL POC Act Now

A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Stupid Simple Cms
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-32728 CRITICAL Act Now

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zabbix Zabbix Agent2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6483 CRITICAL Act Now

The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Allied Digital Integrated Tool As A Service
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-6905 CRITICAL Act Now

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5.jsp?actionFlag=test&id=1 of the component Bind Request Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection LDAP Nxfilter
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy