Skip to main content
CVE-2023-1947 CRITICAL POC Act Now

A vulnerability was found in taoCMS 3.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Taocms
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27033 CRITICAL POC Act Now

Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cdesigner
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1942 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1941 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple And Beautiful Shopping Cart System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29478 CRITICAL POC Act Now

BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Bibliocraft
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-26978 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-26848 CRITICAL POC Act Now

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-27021 CRITICAL POC Act Now

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27020 CRITICAL POC Act Now

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27019 CRITICAL POC Act Now

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27018 CRITICAL POC Act Now

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27017 CRITICAL POC Act Now

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27016 CRITICAL POC Act Now

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27015 CRITICAL POC Act Now

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27014 CRITICAL POC Act Now

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27013 CRITICAL POC Act Now

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27012 CRITICAL POC Act Now

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-24797 CRITICAL POC Act Now

D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption D-Link +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-1940 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple And Beautiful Shopping Cart System
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-26817 HIGH POC This Week

codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Codefever
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-27180 HIGH POC This Week

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure PHP Gdidees Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-26820 HIGH POC This Week

siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Siteproxy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1909 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bp Monitoring Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28706 CRITICAL PATCH Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apache Airflow Hive Provider
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-25220 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25219 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25218 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25217 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25216 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25215 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25214 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25213 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25212 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25211 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25210 CRITICAL Act Now

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Tenda Memory Corruption +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24800 CRITICAL Act Now

D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption D-Link +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-24799 CRITICAL Act Now

D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption D-Link +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-24798 CRITICAL Act Now

D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption D-Link +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27620 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Robo Gallery
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-25442 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zeno Font Resizer
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23799 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easy Panorama
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1937 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF My Blog
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-28051 HIGH This Week

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Power Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28710 HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Apache Airflow Providers Apache Spark
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-28707 HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Apache Drill
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-27876 HIGH PATCH This Week

IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Tririga Application Platform
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-1801 MEDIUM PATCH This Month

The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Tcpdump
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-1946 MEDIUM This Month

A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Survey Application System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29388 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Product Catalog Simple
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29172 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Propertyhive
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy