Skip to main content
CVE-2023-48777 CRITICAL POC THREAT Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.3.0 through 3.18.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.8%.

File Upload Website Builder Elementor
NVD
CVSS 3.1
9.9
EPSS
90.8%
Threat
6.2
CVE-2023-28787 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.1.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.1%.

SQLi
NVD
CVSS 3.1
9.3
EPSS
32.1%
Threat
4.3
CVE-2023-47873 CRITICAL POC THREAT Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.0.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

File Upload Wp Child Theme Generator
NVD
CVSS 3.1
9.1
EPSS
13.0%
CVE-2024-2927 CRITICAL POC Act Now

A vulnerability was found in code-projects Mobile Shop 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mobile Shop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-2917 CRITICAL POC Act Now

A vulnerability was found in Campcodes House Rental Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure House Rental Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28545 CRITICAL POC Act Now

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-25421 CRITICAL POC PATCH Act Now

An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openfire
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-29401 CRITICAL POC Act Now

xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xzs Mysql
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29684 CRITICAL POC Act Now

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-29303 CRITICAL POC Act Now

The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-38388 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.3.5. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.9% and no vendor patch available.

File Upload Jupiter X Core
NVD
CVSS 3.1
9.0
EPSS
22.9%
CVE-2023-23656 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2024-2921 CRITICAL Act Now

Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Devolutions Server
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-2452 CRITICAL PATCH Act Now

In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Threadx Netx Duo
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-28048 CRITICAL Act Now

OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-30231 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.4.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Product Import Export For Woocommerce
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-47846 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.16.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Githuber Md
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-47842 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-29386 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy