Skip to main content
CVE-2023-47840 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.2% and no vendor patch available.

RCE Code Injection Qode Essential Addons
NVD
CVSS 3.1
9.9
EPSS
21.2%
CVE-2023-50035 CRITICAL POC Act Now

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Small Crm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7161 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Application Security Gateway Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7158 CRITICAL POC PATCH Act Now

A vulnerability was found in MicroPython up to 1.21.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Micropython
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-23634 CRITICAL POC Act Now

SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Documize
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-7157 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Free And Open Source Inventory Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7156 CRITICAL POC Act Now

A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online College Library System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7152 CRITICAL POC PATCH Act Now

A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Micropython
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-52174 CRITICAL POC Act Now

XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Microsoft Xnview Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7142 CRITICAL POC Act Now

A vulnerability was found in code-projects Client Details System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Client Details System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7141 CRITICAL POC Act Now

A vulnerability was found in code-projects Client Details System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Client Details System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-50104 CRITICAL POC Act Now

ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25054 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Rsvpmaker
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51475 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Wp Mlm Unilevel
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51473 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds - Simple Classifieds Plugin.0.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Terraclassifieds
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51468 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre - Dating Site.10.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Download Rencontre Dating Site
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51419 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress File Upload Bertha Ai Chrome
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51411 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.18.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Frontend Admin
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-51505 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Woot
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2023-51470 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre - Dating Site.11.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Rencontre
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51422 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.05.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Webinarignition
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-49830 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.3.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Astra
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-32095 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files.0.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Rename Media Files
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51421 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Verge3D
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51417 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.2.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Jvm Gutenberg Rich Text Icons
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51410 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Mail Log
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-46623 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wp Extra
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2023-4541 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Management Panel
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4675 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Multi Disciplinary Design Optimization
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-7159 CRITICAL Act Now

A vulnerability was found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-52173 CRITICAL Act Now

XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Microsoft Xnview Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7147 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-23424 CRITICAL Act Now

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Nth An00 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7146 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10.php of the component HTTP POST Request Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7145 CRITICAL Act Now

A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-7144 CRITICAL Act Now

A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Masterlab
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-51414 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Envialosimple
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2023-51545 CRITICAL Act Now

Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career - Manage job board listings, and recruitments.4.4. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization CSRF Job Manager Career
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2023-52139 CRITICAL PATCH Act Now

Misskey is an open source, decentralized social media platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Misskey
NVD GitHub
CVSS 3.1
9.6
EPSS
0.5%
CVE-2023-45751 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.0.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Nexter Extension
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-40606 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.5.21. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Kanban Boards For Wordpress
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-51412 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.0.25. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Piotnet Forms
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2023-51420 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.5.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Verge3D
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy