Skip to main content
CVE-2023-49693 CRITICAL POC Act Now

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Netgear RCE Authentication Bypass Prosafe Network Management System
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-49091 CRITICAL POC PATCH Act Now

Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Cosmos Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45484 CRITICAL POC Act Now

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-45483 CRITICAL POC Act Now

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-45482 CRITICAL POC Act Now

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-45481 CRITICAL POC Act Now

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-45480 CRITICAL POC Act Now

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-45479 CRITICAL POC Act Now

Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-47462 CRITICAL POC Act Now

Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Gl Ax1800 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-46886 CRITICAL POC Act Now

Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dreamer Cms
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-23325 CRITICAL Act Now

Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Netlink Ccd Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-23324 CRITICAL Act Now

Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Netlink Ccd Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49656 CRITICAL PATCH Act Now

Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Matlab
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49654 CRITICAL PATCH Act Now

Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Matlab
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6345 CRITICAL KEV THREAT Act Now

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google Chrome Debian Linux +2
NVD
CVSS 3.1
9.6
EPSS
19.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy