Skip to main content
CVE-2023-6875 CRITICAL POC THREAT Emergency

The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.7%.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
9.8
EPSS
93.7%
Threat
6.3
CVE-2023-6567 CRITICAL POC THREAT Emergency

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

WordPress SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
82.3%
Threat
5.9
CVE-2023-52028 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
20.6%
Threat
4.1
CVE-2023-52032 CRITICAL POC THREAT Emergency

TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.3%.

Information Disclosure Ex1200t Firmware
NVD
CVSS 3.1
9.8
EPSS
16.3%
CVE-2023-52029 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
15.5%
CVE-2023-52027 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
15.5%
CVE-2023-52031 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Information Disclosure A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
14.8%
CVE-2023-52030 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Privilege Escalation A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
14.8%
CVE-2023-51984 CRITICAL POC THREAT Emergency

D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.

Command Injection D-Link Dir 822 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
14.1%
CVE-2023-51350 CRITICAL POC Act Now

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Ujcms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-51987 CRITICAL POC Act Now

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 822 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-6316 CRITICAL PATCH Act Now

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
8.3%
CVE-2023-6699 CRITICAL PATCH Act Now

The WP Compress - Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal
NVD VulDB
CVSS 3.1
9.1
EPSS
3.4%
CVE-2024-22199 CRITICAL PATCH This Week

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Django
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2024-23061 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-23060 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-23059 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-23058 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-23057 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-22942 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-21669 CRITICAL POC PATCH Act Now

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Jwt Attack Information Disclosure Aries Cloud Agent
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy