Skip to main content
CVE-2023-4257 CRITICAL POC Act Now

Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-45467 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-45466 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3Mv2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-45465 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-5572 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Vrite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45162 CRITICAL Act Now

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Platform
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-29464 CRITICAL Act Now

FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk Linx
NVD
CVSS 3.1
9.1
EPSS
9.6%
CVE-2023-4562 CRITICAL Act Now

Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx3G 14 Mr Ds Firmware Fx3G 14 Mr Es Firmware Fx3G 14 Mt Ds Firmware Fx3G 14 Mt Dss Firmware +186
NVD
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy