Skip to main content
CVE-2023-40042 CRITICAL POC Act Now

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T10 V2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-40041 CRITICAL POC Act Now

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T10 V2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-39532 CRITICAL POC PATCH Act Now

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js RCE Ses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37569 HIGH POC THREAT This Week

This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Emagic Data Center Management
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
24.0%
CVE-2023-39533 HIGH POC PATCH This Week

go-libp2p is the Go implementation of the libp2p Networking Stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Go Libp2P
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-33756 HIGH POC This Week

An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Foswiki
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-4219 HIGH POC This Week

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-37687 HIGH POC This Week

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Online Nurse Hiring System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-39951 MEDIUM POC PATCH This Month

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Information Disclosure Opentelemetry Instrumentation For Java
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-36306 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Loganalyzer
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.8%
CVE-2023-3572 CRITICAL Act Now

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-3522 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.48. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3386 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.1905. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3651 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Digital Ant
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3716 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Collection
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3717 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Remote Administration Console
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3898 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi E Commerce
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-39213 CRITICAL Act Now

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-39216 CRITICAL Act Now

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation XSS Microsoft Zoom
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38186 CRITICAL PATCH Act Now

Windows Mobile Device Management Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Microsoft Authentication Bypass Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +2
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-36911 CRITICAL PATCH Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-36910 CRITICAL PATCH Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-36903 CRITICAL PATCH Act Now

Windows System Assessment Tool Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-36534 CRITICAL Act Now

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft Zoom
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-35385 CRITICAL PATCH Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-21709 CRITICAL PATCH Act Now

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-20586 CRITICAL Act Now

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Amd Privilege Escalation Radeon Software
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37682 CRITICAL Act Now

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37372 CRITICAL Act Now

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ruggedcom Crossbow
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28561 CRITICAL Act Now

Memory corruption in QESL while processing payload from external ESL device to firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qcn7606 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-24845 CRITICAL Act Now

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Ros
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39976 CRITICAL PATCH Act Now

log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libqb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-39439 CRITICAL Act Now

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud Commerce Hycom
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37483 CRITICAL Act Now

SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Powerdesigner
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3526 CRITICAL Act Now

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Client 1101T Tx Firmware Tc Cloud Client 1002 4G Att Firmware Tc Cloud Client 1002 4G Firmware Tc Cloud Client 1002 4G Vzw Firmware +3
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2023-38758 MEDIUM POC This Month

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Workout Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4203 MEDIUM POC This Month

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eki 1524 Firmware Eki 1522 Firmware Eki 1521 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-4202 MEDIUM POC This Month

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eki 1524 Firmware Eki 1522 Firmware Eki 1521 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-37490 CRITICAL Act Now

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
9.0
EPSS
0.2%
CVE-2023-37686 MEDIUM POC This Month

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Nurse Hiring System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37685 MEDIUM POC This Month

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Nurse Hiring System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37684 MEDIUM POC This Month

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Nurse Hiring System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37683 MEDIUM POC This Month

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Nurse Hiring System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37689 MEDIUM POC This Month

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Maid Hiring Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37688 MEDIUM POC This Month

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Maid Hiring Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37690 MEDIUM POC This Month

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Maid Hiring Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-26961 MEDIUM POC This Month

Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alteryx Server
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-36899 HIGH PATCH This Week

ASP.NET Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Net Framework
NVD
CVSS 3.1
8.8
EPSS
74.3%
CVE-2023-38185 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-38181 HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.8
EPSS
16.8%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy