Skip to main content
CVE-2023-24489 CRITICAL POC KEV THREAT Act Now

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sharefile Storage Zones Controller
NVD
CVSS 3.1
9.8
EPSS
95.1%
CVE-2023-37712 CRITICAL POC Act Now

Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Ac1206 Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37711 CRITICAL POC Act Now

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware Ac1206 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37710 CRITICAL POC Act Now

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware Ac1206 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37707 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37706 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37705 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37704 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37703 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37702 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37701 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37700 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-3578 CRITICAL POC Act Now

A vulnerability classified as critical was found in DedeCMS 5.7.109. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-3077 CRITICAL POC Act Now

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Mstore Api
NVD WPScan
CVSS 3.1
9.8
EPSS
5.5%
CVE-2023-3076 CRITICAL POC Act Now

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Mstore Api
NVD WPScan
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-37152 CRITICAL POC Act Now

Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Art Gallery
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-2852 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Selfpatron
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3045 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2046 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Vehicle Tracking System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-30765 CRITICAL PATCH Act Now

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-34347 CRITICAL PATCH Act Now

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3599 CRITICAL Act Now

A vulnerability was found in SourceCodester Best Fee Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation PHP Best Fee Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-37286 CRITICAL Act Now

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Smartbpm Net
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37277 CRITICAL PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE Mozilla Apple CSRF Xwiki
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2023-3605 CRITICAL Act Now

A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Online Shopping Portal
NVD VulDB
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-37287 CRITICAL Act Now

SmartBPM.NET has a vulnerability of using hard-coded authentication key. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartbpm Net
NVD
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy