Skip to main content
CVE-2023-47840 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.2% and no vendor patch available.

RCE Code Injection Qode Essential Addons
NVD
CVSS 3.1
9.9
EPSS
21.2%
CVE-2023-50035 CRITICAL POC Act Now

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Small Crm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7161 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Application Security Gateway Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7158 CRITICAL POC PATCH Act Now

A vulnerability was found in MicroPython up to 1.21.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Micropython
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-23634 CRITICAL POC Act Now

SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Documize
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-7157 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Free And Open Source Inventory Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7156 CRITICAL POC Act Now

A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online College Library System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7152 CRITICAL POC PATCH Act Now

A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Micropython
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-52174 CRITICAL POC Act Now

XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft Xnview Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7142 CRITICAL POC Act Now

A vulnerability was found in code-projects Client Details System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Client Details System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7141 CRITICAL POC Act Now

A vulnerability was found in code-projects Client Details System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Client Details System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-50104 CRITICAL POC Act Now

ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-50071 HIGH POC THREAT This Week

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Customer Support System
NVD GitHub
CVSS 3.1
8.8
EPSS
13.8%
CVE-2023-50070 HIGH POC This Week

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Customer Support System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-52137 HIGH POC PATCH This Week

The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Verify Changed Files
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-7155 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Free And Open Source Inventory Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-7148 HIGH POC This Week

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java RCE Code Injection Shifu
NVD VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-50571 HIGH POC This Week

easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Easy Rules
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-4463 HIGH POC This Week

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ccx 400 Firmware Ccx 600 Firmware Trio 8800 Firmware Trio C60 Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-7104 HIGH POC PATCH This Week

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical.c of the component make alltest Handler. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Sqlite Fedora
NVD VulDB
CVSS 3.1
7.3
EPSS
1.2%
CVE-2023-25054 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Rsvpmaker
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51475 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Wp Mlm Unilevel
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51473 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds - Simple Classifieds Plugin.0.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Terraclassifieds
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51468 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre - Dating Site.10.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Download Rencontre Dating Site
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51419 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress File Upload Bertha Ai Chrome
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51411 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.18.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Frontend Admin
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51505 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Woot
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2023-50069 MEDIUM POC This Month

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wiremock
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-7149 MEDIUM POC This Month

A vulnerability was found in code-projects QR Code Generator 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Qr Code Generator
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-51470 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre - Dating Site.11.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Rencontre
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51422 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.05.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Webinarignition
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-49830 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.3.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Astra
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-32095 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files.0.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Rename Media Files
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51421 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Verge3D
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51417 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.2.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Jvm Gutenberg Rich Text Icons
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51410 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Mail Log
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-46623 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wp Extra
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2023-4462 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Ccx 400 Firmware Ccx 600 Firmware Trio 8800 Firmware Trio C60 Firmware
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-4541 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Management Panel
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4675 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Multi Disciplinary Design Optimization
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-7159 CRITICAL Act Now

A vulnerability was found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-52173 CRITICAL Act Now

XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Microsoft Xnview Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7147 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-23424 CRITICAL Act Now

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Nth An00 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7146 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10.php of the component HTTP POST Request Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7145 CRITICAL Act Now

A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7144 CRITICAL Act Now

A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-51414 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Envialosimple
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2023-51545 CRITICAL Act Now

Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career - Manage job board listings, and recruitments.4.4. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization CSRF Job Manager Career
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2023-52139 CRITICAL PATCH Act Now

Misskey is an open source, decentralized social media platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Misskey
NVD GitHub
CVSS 3.1
9.6
EPSS
0.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy