Skip to main content
CVE-2023-40798 HIGH POC This Week

In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac23 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-40797 HIGH POC This Week

In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac23 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-40801 HIGH POC This Week

The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac23
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-40800 HIGH POC This Week

The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac23 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-40031 HIGH POC This Week

Notepad++ is a free and open-source source code editor. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Notepad
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-24621 HIGH POC This Week

An issue was discovered in Esoteric YamlBeans through 1.15. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Yamlbeans
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34723 HIGH POC This Week

An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure La5570 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2023-36199 HIGH POC This Week

An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Sgxwallet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36198 HIGH POC This Week

Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Sgxwallet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-40915 HIGH POC This Week

Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-37249 HIGH This Week

Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nios
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-25649 HIGH This Week

There is a command injection vulnerability in a mobile internet product of ZTE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mf286R Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-4478 HIGH This Week

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-40796 HIGH This Week

Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection K2 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-41121 HIGH PATCH This Week

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Arrayos Ag
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39289 HIGH This Week

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40586 HIGH PATCH This Week

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Coraza
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-40585 HIGH PATCH This Week

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Ironic Image
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-40583 HIGH PATCH This Week

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Libp2P
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-32756 HIGH This Week

e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft U Office Force
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-41173 HIGH This Week

AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adguard Dns
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-40599 HIGH This Week

Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mailform Pro Cgi
NVD
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy