Skip to main content
CVE-2023-0663 CRITICAL POC Act Now

A vulnerability was found in Calendar Event Management System 2.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Calendar Event Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23088 CRITICAL POC Act Now

Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Json Parser
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-23087 CRITICAL POC Act Now

An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Mojojson
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23086 CRITICAL POC Act Now

Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Mojojson
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24157 CRITICAL POC Act Now

A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-24156 CRITICAL POC Act Now

A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-24155 CRITICAL POC Act Now

TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24154 CRITICAL POC Act Now

TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24153 CRITICAL POC Act Now

A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-24152 CRITICAL POC Act Now

A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-24151 CRITICAL POC Act Now

A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-24150 CRITICAL POC Act Now

A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-24149 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24148 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-24146 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24145 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-24144 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24143 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24142 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24141 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24140 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24139 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24138 CRITICAL POC Act Now

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ca300 Poe Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-25139 CRITICAL POC Act Now

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Glibc
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-25135 CRITICAL POC THREAT Act Now

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Vbulletin
NVD
CVSS 3.1
9.8
EPSS
23.9%
CVE-2023-24576 CRITICAL PATCH Act Now

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Emc Networker
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-23477 CRITICAL Act Now

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection IBM Websphere Application Server
NVD
CVSS 3.1
9.8
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy