Skip to main content
CVE-2023-46527 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-46526 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46525 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46523 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46522 CRITICAL POC Act Now

TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-46521 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46520 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46518 CRITICAL POC Act Now

Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-46373 CRITICAL POC Act Now

TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46371 CRITICAL POC Act Now

TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-46370 CRITICAL POC THREAT Act Now

Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda W18E Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
18.1%
CVE-2023-46369 CRITICAL POC Act Now

Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W18E Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46347 CRITICAL POC THREAT Act Now

In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ndk Steppingpack
NVD
CVSS 3.1
9.8
EPSS
49.9%
CVE-2023-45554 CRITICAL POC Act Now

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Zzzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-44794 CRITICAL POC PATCH Act Now

An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sa Token
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-43795 CRITICAL POC PATCH THREAT Act Now

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SSRF Geoserver
NVD GitHub
CVSS 3.1
9.8
EPSS
67.7%
CVE-2023-31581 CRITICAL POC PATCH Act Now

Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sureness
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45136 CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Xwiki
NVD GitHub
CVSS 3.1
9.6
EPSS
5.1%
CVE-2023-37908 CRITICAL POC PATCH Act Now

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Xwiki Rendering
NVD GitHub
CVSS 3.1
9.6
EPSS
1.1%
CVE-2023-46133 CRITICAL POC PATCH Act Now

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cryptoes
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-45134 CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
1.8%
CVE-2023-46010 CRITICAL Act Now

An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Seacms
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46134 CRITICAL PATCH Act Now

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE Python XSS D Tale
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5746 CRITICAL Act Now

A vulnerability regarding use of externally-controlled format string is found in the cgi component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Synology Bc500 Firmware Tc500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-5731 CRITICAL Act Now

Memory safety bugs present in Firefox 118. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-5730 CRITICAL Act Now

Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-46358 CRITICAL Act Now

In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Referralbyphone
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46158 CRITICAL Act Now

IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Application Server Liberty
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-42494 CRITICAL Act Now

EisBaer Scada - CWE-749: Exposed Dangerous Method or Function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eisbaer Scada
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-42493 CRITICAL Act Now

EisBaer Scada - CWE-256: Plaintext Storage of a Password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eisbaer Scada
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-42492 CRITICAL Act Now

EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eisbaer Scada
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-42491 CRITICAL Act Now

EisBaer Scada - CWE-285: Improper Authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eisbaer Scada
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-42489 CRITICAL Act Now

EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eisbaer Scada
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39930 CRITICAL Act Now

A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pingid Radius Pcv
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-37283 CRITICAL Act Now

Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pingfederate
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-30912 CRITICAL Act Now

A remote code execution issue exists in HPE OneView. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Oneview
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46233 CRITICAL PATCH Act Now

crypto-js is a JavaScript library of crypto standards. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Crypto Js
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-27262 CRITICAL Act Now

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-27260 CRITICAL Act Now

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-27255 CRITICAL Act Now

Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-27254 CRITICAL Act Now

Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-26584 CRITICAL Act Now

Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-26583 CRITICAL Act Now

Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-26582 CRITICAL Act Now

Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-26581 CRITICAL Act Now

Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-26573 CRITICAL Act Now

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Idweb
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-26572 CRITICAL Act Now

Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-26569 CRITICAL Act Now

Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-26568 CRITICAL Act Now

Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy