Skip to main content
CVE-2023-33831 CRITICAL POC THREAT Act Now

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fuxa
NVD GitHub
CVSS 3.1
9.8
EPSS
13.7%
CVE-2023-42320 CRITICAL POC Act Now

Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-42359 CRITICAL POC Act Now

SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Exam Form Submission In Php With Source Code
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-42454 CRITICAL POC PATCH Act Now

SQLpage is a SQL-only webapp builder. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Sqlpage
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-41084 CRITICAL Act Now

Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modulys Gp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41030 CRITICAL Act Now

Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rx4 1500 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5034 CRITICAL Act Now

A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP My Food Recipe
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy