Skip to main content
CVE-2023-4414 CRITICAL POC THREAT Act Now

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230807. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Smart S85F
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
17.8%
CVE-2023-4412 CRITICAL POC Act Now

A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200L Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-4411 CRITICAL POC Act Now

A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200L Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.6%
CVE-2023-4410 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200L Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-4407 CRITICAL POC Act Now

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Credit Lite
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38890 HIGH POC This Week

Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Online Shopping Portal
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-4415 HIGH POC THREAT This Week

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rg Ew1200G Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
56.1%
CVE-2023-4409 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Nbs Happysoftwechat
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38839 HIGH POC This Week

SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via theID parameter in the fulldelete.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Minimati
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39125 HIGH POC This Week

NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ntsc Crt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-27576 MEDIUM POC This Month

An issue was discovered in phpList before 3.6.14. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Phplist
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-38910 MEDIUM POC This Month

CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Csz Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40175 CRITICAL PATCH Act Now

Puma is a Ruby/Rack web server built for parallelism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Request Smuggling Puma
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40174 CRITICAL PATCH Act Now

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Social Media Skeleton
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-40069 CRITICAL Act Now

OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wrc F1167Acf Firmware Wrc 1750Ghbk Firmware Wrc 1167Ghbk2 Firmware Wrc 1750Ghbk2 I Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-39454 CRITICAL Act Now

Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Wrc X1800Gs B Firmware Wrc X1800Gsa B Firmware Wrc X1800Gsh B Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-35991 CRITICAL Act Now

Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lan Wh300Andgpe Firmware Lan Wh300N Dgp Firmware Lan Wh300An Dgp Firmware Lan Wh450N Gp Firmware +3
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32626 CRITICAL Act Now

Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Lan W300N Rs Firmware Lan W300N Pr5 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39674 CRITICAL Act Now

D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function fgets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 880L A1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39673 CRITICAL Act Now

Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39672 CRITICAL Act Now

Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Wh450A Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39671 CRITICAL Act Now

D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function FUN_0001be68. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 880L A1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39670 CRITICAL Act Now

Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39668 CRITICAL Act Now

D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 868l Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-39667 CRITICAL Act Now

D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 868l Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-39666 CRITICAL Act Now

D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 842 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39665 CRITICAL Act Now

D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 868l Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-38911 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Csz Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-40172 HIGH PATCH This Week

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Social Media Skeleton
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-4422 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Cockpit
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-40072 HIGH This Week

OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wab S600 Ps Firmware Wab S300 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-39944 HIGH This Week

OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wrc F1167Acf Firmware Wrc 1750Ghbk Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-39455 HIGH This Week

OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wrc 600Ghbk A Firmware Wrc 1467Ghbk A Firmware Wrc 1900Ghbk A Firmware Wrc 733Febk2 A Firmware +3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-39445 HIGH This Week

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Wrc 1467Ghbk A Firmware Wrc 1467Ghbk S Firmware Wrc 1900Ghbk A Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-38132 HIGH This Week

LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lan W451Ngr Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-38576 HIGH This Week

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Lan Wh300N Re Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-40173 HIGH PATCH This Week

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Social Media Skeleton
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-20212 HIGH This Week

A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Secure Endpoint Secure Endpoint Private Cloud
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-39415 HIGH This Week

Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Proself
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39669 HIGH This Week

D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference D-Link Dir 880L A1 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-39416 HIGH This Week

Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Proself
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-40037 MEDIUM PATCH This Month

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Nifi
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-32122 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Spiffy Calendar
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32109 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Albo Pretorio Online
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32108 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Albo Pretorio Online
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30499 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fv Flowplayer Video Player
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32107 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Photo Gallery
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32106 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Docs
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32105 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wppizza
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31218 MEDIUM This Month

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS CSRF Wolf Wordpress Posts Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
6.1
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy