Skip to main content
CVE-2023-32590 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category.7.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.3%.

SQLi Subscribe To Category
NVD
CVSS 3.1
9.3
EPSS
19.3%
CVE-2023-50989 CRITICAL POC Act Now

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda I29 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-50983 CRITICAL POC Act Now

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda I29 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-50992 CRITICAL POC Act Now

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda I29 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50990 CRITICAL POC Act Now

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda I29 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50988 CRITICAL POC Act Now

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda I29 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50987 CRITICAL POC Act Now

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda I29 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50986 CRITICAL POC Act Now

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda I29 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50985 CRITICAL POC Act Now

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda I29 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50984 CRITICAL POC Act Now

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda I29 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-47990 CRITICAL POC Act Now

SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-50628 CRITICAL POC PATCH Act Now

Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Libming
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-50044 CRITICAL POC PATCH Act Now

Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Mjs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-6975 CRITICAL POC PATCH Act Now

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mlflow
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-6974 CRITICAL POC PATCH Act Now

A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE SSRF Mlflow
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-27172 CRITICAL POC Act Now

Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Write Back Manager
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-5011 HIGH POC This Week

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Information System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5010 HIGH POC This Week

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Information System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5007 HIGH POC This Week

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Information System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6976 HIGH POC PATCH This Week

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Mlflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-7018 HIGH POC PATCH This Week

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Transformers
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-6562 HIGH POC This Week

JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kakadu Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-6977 HIGH POC PATCH This Week

This vulnerability enables malicious users to read sensitive files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mlflow
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2023-29384 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress Jobwp
NVD
CVSS 3.1
10.0
EPSS
4.1%
CVE-2023-3742 MEDIUM POC This Month

Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-49773 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.23. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Bcorp Shortcodes
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-49772 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Genesis Simple Love
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-46149 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.3.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ultra
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-34385 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.8.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Export Import Menus
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-34007 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.8.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Download Monitor
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-33318 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.9.40. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress Automatewoo
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-31215 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Dropshipping Affiliation With Amazon
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2023-31231 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).5.65. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Unlimited Elements For Elementor Elementor
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2023-25970 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop - Global Dropshipping.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Zendrop
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-50993 CRITICAL Act Now

Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Rg Ws6008 Firmware Rg Ws6108 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-48434 CRITICAL Act Now

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Voting System Project
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48433 CRITICAL Act Now

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Voting System Project
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-47118 CRITICAL Act Now

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-35895 CRITICAL Act Now

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection IBM Informix Jdbc
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-6912 CRITICAL Act Now

Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Files Server
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-6768 CRITICAL Act Now

Authentication bypass vulnerability in Amazing Little Poll affecting versions 1.3 and 1.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Amazing Little Poll
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-45887 CRITICAL Act Now

DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ds Wireless Communication
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-45603 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts - Enable Users to Submit Posts from the Front End. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload User Submitted Posts
NVD
CVSS 3.1
9.0
EPSS
2.2%
CVE-2023-49269 MEDIUM POC This Month

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hotel Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49776 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hakan Demiray Sayfa Sayac.6. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sayfa Sayac
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2023-49752 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.1.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Adifier
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2023-40010 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in realmag777 HUSKY - Products Filter for WooCommerce Professional.3.4.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Husky Products Filter Professional For Woocommerce
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2023-49814 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Symbiostock symbiostock.0.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Symbiostock
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2023-40204 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders - Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.9.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Folders
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2023-29102 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Olive One Click Demo Import
NVD
CVSS 3.1
9.1
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy