Skip to main content
CVE-2023-5521 CRITICAL POC PATCH Act Now

Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Kernelsu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-45132 CRITICAL PATCH Act Now

NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nginx Naxsi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35662 CRITICAL Act Now

there is a possible out of bounds write due to buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-35648 CRITICAL Act Now

In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-35647 CRITICAL Act Now

In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-35646 CRITICAL Act Now

In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-35968 CRITICAL Act Now

Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35967 CRITICAL Act Now

Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35966 CRITICAL Act Now

Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35965 CRITICAL Act Now

Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-35056 CRITICAL Act Now

A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-35055 CRITICAL Act Now

A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-34426 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34365 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34346 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-32645 CRITICAL Act Now

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
53.8%
CVE-2023-32632 CRITICAL Act Now

A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-31272 CRITICAL Act Now

A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-24479 CRITICAL Act Now

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yf325 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-44116 CRITICAL Act Now

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-44105 CRITICAL Act Now

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-44106 CRITICAL Act Now

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-44118 CRITICAL Act Now

Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-44107 CRITICAL Act Now

Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-44981 CRITICAL PATCH Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Zookeeper Debian Linux
NVD
CVSS 3.1
9.1
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy