Skip to main content
CVE-2023-40942 CRITICAL POC Act Now

Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40029 CRITICAL POC PATCH Act Now

Argo CD is a declarative continuous deployment for Kubernetes. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2023-4815 HIGH POC PATCH This Week

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Answer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-30800 HIGH POC This Week

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mikrotik Routeros
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-39711 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-30908 CRITICAL Act Now

A remote authentication bypass issue exists in a OneView API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-39422 CRITICAL Act Now

The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Internet Reservation Module Next Generation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-37798 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redcap
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-41316 MEDIUM POC PATCH This Month

Tolgee is an open-source localization platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Tolgee
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41646 MEDIUM POC PATCH This Month

Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buttercup
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39423 CRITICAL Act Now

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Internet Reservation Module Next Generation
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-39424 HIGH This Week

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Internet Reservation Module Next Generation
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39420 HIGH This Week

The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Internet Reservation Module Next Generation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-39237 HIGH This Week

ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-39236 HIGH This Week

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38033 HIGH This Week

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38032 HIGH This Week

ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38031 HIGH This Week

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-4685 HIGH This Week

Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Cncsoft B Dopsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41064 HIGH KEV THREAT This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
15.3%
CVE-2023-41061 HIGH KEV THREAT This Week

A validation issue was addressed with improved logic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Watchos
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2023-34357 HIGH This Week

Soar Cloud Ltd. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hr Portal
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39421 HIGH This Week

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Internet Reservation Module Next Generation
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2023-4528 HIGH This Week

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Microsoft Apple Deserialization Jscape Mft
NVD
CVSS 3.1
7.2
EPSS
27.1%
CVE-2023-40060 HIGH This Week

A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Serv U
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-39240 HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ax55 Firmware Rt Ax56U V2 Firmware Rt Ac86U Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-39239 HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ax55 Firmware Rt Ax56U V2 Firmware Rt Ac86U Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-39238 HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ax55 Firmware Rt Ax56U V2 Firmware Rt Ac86U Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-20193 MEDIUM This Month

A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Identity Services Engine
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-40584 MEDIUM PATCH This Month

Argo CD is a declarative continuous deployment for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-4772 MEDIUM PATCH This Month

The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Newsletter
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-3747 MEDIUM This Month

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Warp
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41161 MEDIUM This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-20194 MEDIUM This Month

A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-4792 MEDIUM PATCH This Month

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Duplicate Post Page Menu Custom Post Type
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-36635 MEDIUM This Month

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiswitchmanager
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy