Skip to main content
CVE-2023-20198 CRITICAL POC KEV THREAT Emergency

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Apple Information Disclosure Allen Bradley Stratix 5200 Firmware Allen Bradley Stratix 5800 Firmware +1
NVD GitHub
CVSS 3.1
10.0
EPSS
99.6%
CVE-2023-40852 CRITICAL POC Act Now

SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi User Registration Login And User Management System With Admin Panel
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-4666 CRITICAL POC Act Now

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Form Maker
NVD WPScan
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-45984 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45580 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45579 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45578 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45577 CRITICAL POC Act Now

Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45576 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45575 CRITICAL POC Act Now

Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45574 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-45573 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-45572 CRITICAL POC Act Now

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE D-Link Di 7003G Firmware +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-44809 CRITICAL POC Act Now

D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation D-Link Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-44808 CRITICAL POC Act Now

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-36955 CRITICAL POC Act Now

TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Cp300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36954 CRITICAL POC Act Now

TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-36953 CRITICAL POC Act Now

TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-36950 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36952 CRITICAL POC Act Now

TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Cp300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36947 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36340 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45685 CRITICAL POC Act Now

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Titan Mft Server Titan Sftp Server
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2023-43119 CRITICAL Act Now

An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Authentication Bypass Exos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3991 CRITICAL Act Now

An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Freshtomato
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-43668 CRITICAL PATCH Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Inlong
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-45158 CRITICAL PATCH Act Now

An OS command injection vulnerability exists in web2py 2.24.1 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Web2Py
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2023-33836 CRITICAL PATCH Act Now

IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Security Verify Governance
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-45144 CRITICAL PATCH Act Now

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Oauth Identity
NVD GitHub
CVSS 3.1
9.6
EPSS
1.1%
CVE-2023-5422 CRITICAL Act Now

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Otrs
NVD
CVSS 3.1
9.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy