Skip to main content
CVE-2023-50651 CRITICAL POC Act Now

TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X6000r Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-50589 CRITICAL POC Act Now

Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Geosiap Erp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-50578 CRITICAL POC Act Now

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-7175 CRITICAL POC Act Now

A vulnerability was found in Campcodes Online College Library System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online College Library System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-52252 CRITICAL POC Act Now

Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Unified Remote
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-41544 CRITICAL POC Act Now

SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Jeecg Boot
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-41543 CRITICAL POC Act Now

SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-41542 CRITICAL POC Act Now

SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-52262 CRITICAL PATCH Act Now

outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Little Backup Box
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-51136 CRITICAL Act Now

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow X2000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-51135 CRITICAL Act Now

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow X2000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-51133 CRITICAL Act Now

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow X2000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy