Skip to main content
CVE-2023-40942 CRITICAL POC Act Now

Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40029 CRITICAL POC PATCH Act Now

Argo CD is a declarative continuous deployment for Kubernetes. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2023-30908 CRITICAL Act Now

A remote authentication bypass issue exists in a OneView API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-39422 CRITICAL Act Now

The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Internet Reservation Module Next Generation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-39423 CRITICAL Act Now

The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Internet Reservation Module Next Generation
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy