Skip to main content
CVE-2023-46535 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46534 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46527 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-46526 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46525 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46523 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46522 CRITICAL POC Act Now

TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-46521 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46520 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46518 CRITICAL POC Act Now

Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-46373 CRITICAL POC Act Now

TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46371 CRITICAL POC Act Now

TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-46370 CRITICAL POC THREAT Act Now

Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda W18E Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
18.1%
CVE-2023-46369 CRITICAL POC Act Now

Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W18E Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46347 CRITICAL POC THREAT Act Now

In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ndk Steppingpack
NVD
CVSS 3.1
9.8
EPSS
49.9%
CVE-2023-45554 CRITICAL POC Act Now

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Zzzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-44794 CRITICAL POC PATCH Act Now

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sa Token
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-43795 CRITICAL POC PATCH THREAT Act Now

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF Geoserver
NVD GitHub
CVSS 3.1
9.8
EPSS
67.7%
CVE-2023-31581 CRITICAL POC PATCH Act Now

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sureness
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45136 CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Xwiki
NVD GitHub
CVSS 3.1
9.6
EPSS
5.1%
CVE-2023-37908 CRITICAL POC PATCH Act Now

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Xwiki Rendering
NVD GitHub
CVSS 3.1
9.6
EPSS
1.1%
CVE-2023-46133 CRITICAL POC PATCH Act Now

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cryptoes
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-45134 CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
1.8%
CVE-2023-5753 HIGH POC This Week

Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-43961 HIGH POC PATCH This Week

An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Sa Token
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37913 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Path Traversal Microsoft Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-37912 HIGH POC PATCH This Week

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation RCE Xwiki Rendering
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-37909 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-39740 HIGH POC This Week

The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Onigiriya Musubee
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39739 HIGH POC This Week

The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Regina Sweets Bakery
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39737 HIGH POC This Week

The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Matsuya
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39736 HIGH POC This Week

The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fukunaga Memberscard
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39735 HIGH POC This Week

The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uomasa Saiji New
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39734 HIGH POC This Week

The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Trackdiner10 10 Mc
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39733 HIGH POC This Week

The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tonton Tei
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39732 HIGH POC This Week

The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tokueimaru Waiting
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-37910 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-45135 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
1.7%
CVE-2023-45990 HIGH POC This Week

Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Wenwenai Cms
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-4692 HIGH POC This Week

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Grub2 Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-45555 HIGH POC This Week

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Zzzcms
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-38849 HIGH POC This Week

An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38848 HIGH POC This Week

An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38847 HIGH POC This Week

An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38846 HIGH POC This Week

An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38845 HIGH POC This Week

An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-46135 HIGH POC PATCH This Week

rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rs Stellar Strkey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46120 HIGH POC PATCH This Week

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Rabbitmq Java Client
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39619 HIGH POC This Week

ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Node Email Check
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-46128 MEDIUM POC PATCH This Month

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python PostgreSQL Nautobot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
Prev Page 2 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy