Skip to main content
CVE-2023-4201 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Inventory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4200 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Inventory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38940 CRITICAL POC Act Now

Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware F1203 Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38939 CRITICAL POC Act Now

Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Fh1202 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38938 CRITICAL POC Act Now

Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Pa202 Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38937 CRITICAL POC Act Now

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware Ac1206 Firmware +5
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38936 CRITICAL POC Act Now

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware Ac1206 Firmware +7
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38935 CRITICAL POC Act Now

Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac1206 Firmware Ac5 Firmware +3
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38934 CRITICAL POC Act Now

Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware F1203 Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38933 CRITICAL POC Act Now

Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware Ac1206 Firmware +7
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38932 CRITICAL POC Act Now

Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Pa202 Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38931 CRITICAL POC Act Now

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware Ac1206 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38930 CRITICAL POC Act Now

Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac7 Firmware F1203 Firmware +3
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38929 CRITICAL POC Act Now

Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda 4G300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4193 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Resort Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4192 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Resort Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39363 CRITICAL POC PATCH Act Now

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Vyper
NVD GitHub
CVSS 4.0
9.1
EPSS
0.7%
CVE-2023-39523 HIGH POC PATCH This Week

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Docker Scancode Io
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-39550 HIGH POC This Week

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Jwnr2000V2 Firmware Xwn5001 Firmware Xavn2001V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38926 HIGH POC This Week

Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Ex6200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38591 HIGH POC This Week

Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Dg834Gv5 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38412 HIGH POC This Week

Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear R6900P Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-36499 HIGH POC This Week

Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2843 HIGH POC This Week

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Multiparcels Shipping For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39349 HIGH POC PATCH This Week

Sentry is an error tracking and performance monitoring platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Sentry
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-3365 HIGH POC This Week

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Multiparcels Shipping For Woocommerce
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-39520 HIGH POC PATCH This Week

Cryptomator encrypts data being stored on cloud infrastructure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Cryptomator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3896 HIGH POC PATCH This Week

Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-4199 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Inventory Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32783 HIGH POC This Week

The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Adaudit Plus
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-36220 HIGH POC This Week

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Textpattern
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2023-3492 MEDIUM POC This Month

The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Wp Shopping Pages
NVD WPScan
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-3671 MEDIUM POC This Month

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Multiparcels Shipping For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3524 MEDIUM POC This Month

The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpcode
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39526 CRITICAL PATCH Act Now

PrestaShop is an open source e-commerce web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

RCE Microsoft SQLi Prestashop
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-39524 CRITICAL PATCH Act Now

PrestaShop is an open source e-commerce web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Prestashop
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-38704 CRITICAL PATCH Act Now

import-in-the-middle is a module loading interceptor specifically for ESM modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Import In The Middle
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38928 CRITICAL Act Now

Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R7100Lg Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-38044 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Hikashop
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-34477 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Virtual Classroom
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-34476 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Proforms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-23758 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Creative Gallery
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-23757 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Bestaddon Gallery
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-32090 CRITICAL Act Now

Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pega Platform
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3575 MEDIUM POC This Month

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz And Survey Master
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0604 MEDIUM POC This Month

The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Food Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39530 CRITICAL PATCH Act Now

PrestaShop is an open source e-commerce web application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Prestashop
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-39529 CRITICAL PATCH Act Now

PrestaShop is an open source e-commerce web application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Prestashop
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-39525 CRITICAL PATCH Act Now

PrestaShop is an open source e-commerce web application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Prestashop
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-38925 HIGH This Week

Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Dc112A Firmware Ex6200 Firmware R6300V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
14.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy