Skip to main content
CVE-2022-45362 HIGH POC THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.7.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.9%.

SSRF Payment Gateway
NVD
CVSS 3.1
7.2
EPSS
32.9%
CVE-2023-6581 CRITICAL POC Act Now

A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP SQLi Dar 7000 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.0%
CVE-2023-6579 CRITICAL POC THREAT Act Now

A vulnerability, which was classified as critical, has been found in osCommerce 4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Oscommerce
NVD VulDB
CVSS 3.1
9.8
EPSS
23.8%
CVE-2023-49411 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49409 CRITICAL POC Act Now

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-49408 CRITICAL POC Act Now

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49406 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-49405 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49404 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50002 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50001 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50000 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49999 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Command Injection Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-49410 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49403 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Command Injection Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-49402 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49436 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-49435 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 is vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-49434 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49433 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49432 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49431 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-49430 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49429 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection SQLi Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-49437 CRITICAL POC Act Now

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-49428 CRITICAL POC Act Now

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-49426 CRITICAL POC Act Now

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49425 CRITICAL POC Act Now

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49424 CRITICAL POC Act Now

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48860 CRITICAL POC Act Now

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE N300Rt Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-48823 CRITICAL POC Act Now

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Courier Management System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-4122 HIGH POC This Week

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Student Information System
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-6580 HIGH POC This Week

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Deserialization Dir 846 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-6575 HIGH POC This Week

A vulnerability was found in Byzoro S210 up to 20231121. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Smart S210 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.8%
CVE-2023-6574 HIGH POC This Week

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S20 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-49468 HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-49467 HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49465 HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49464 HIGH POC This Week

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libheif
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49463 HIGH POC This Week

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libheif
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49462 HIGH POC This Week

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libheif
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49460 HIGH POC This Week

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libheif
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-48841 HIGH POC This Week

Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Appointment Scheduler
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48835 HIGH POC This Week

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Car Rental Script
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48830 HIGH POC This Week

Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Shuttle Booking Software
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48826 HIGH POC This Week

Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Time Slots Booking Calendar
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48207 HIGH POC This Week

Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Availability Booking Calendar
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-43304 HIGH POC This Week

An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Line
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-43302 HIGH POC This Week

An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-43301 HIGH POC This Week

An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Line
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy