Skip to main content
CVE-2023-25102 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25101 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25100 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25099 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25098 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25097 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25096 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25095 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25094 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25093 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25092 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25091 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25090 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25089 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25088 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25087 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25086 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25085 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25084 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25083 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25082 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25081 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-24595 HIGH POC This Week

An OS command injection vulnerability exists in the ys_thirdparty system_user_script functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
3.7%
CVE-2023-23550 HIGH POC This Week

An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
3.6%
CVE-2023-22659 HIGH POC This Week

An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
3.7%
CVE-2023-22306 HIGH POC This Week

An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
3.6%
CVE-2023-36968 HIGH POC This Week

A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Food Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-3523 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-37131 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Yzncms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-23547 MEDIUM POC This Month

A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ur32L Firmware
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-36995 MEDIUM POC This Month

TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Travianz
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-26137 MEDIUM POC This Month

All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Drogon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3521 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fossbilling
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-29656 MEDIUM POC This Month

An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions(block/unblock traffic) from the. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Threat Visualizer
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-36460 CRITICAL PATCH Act Now

Mastodon is a free, open-source social network server based on ActivityPub. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Denial Of Service Mastodon
NVD GitHub
CVSS 3.1
9.9
EPSS
40.1%
CVE-2023-36859 CRITICAL Act Now

PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35987 CRITICAL Act Now

PiiGAB M-Bus contains hard-coded credentials which it uses for authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33868 CRITICAL Act Now

The number of login attempts is not limited. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3528 CRITICAL Act Now

A vulnerability was found in ThinuTech ThinuCMS 1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Thinu Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-29382 CRITICAL Act Now

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Collaboration
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29381 CRITICAL Act Now

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Collaboration
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37242 CRITICAL Act Now

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-37454 MEDIUM POC This Month

An issue was discovered in the Linux kernel through 6.4.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-3531 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37136 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37135 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-37134 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37133 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Column management module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-37132 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the custom variables module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-37125 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Seacms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy