Skip to main content
CVE-2023-6581 CRITICAL POC Act Now

A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP SQLi Dar 7000 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.0%
CVE-2023-6579 CRITICAL POC THREAT Act Now

A vulnerability, which was classified as critical, has been found in osCommerce 4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Oscommerce
NVD VulDB
CVSS 3.1
9.8
EPSS
23.8%
CVE-2023-49411 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49409 CRITICAL POC Act Now

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-49408 CRITICAL POC Act Now

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49406 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-49405 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49404 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50002 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50001 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50000 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49999 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Command Injection Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-49410 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49403 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Command Injection Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-49402 CRITICAL POC Act Now

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49436 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-49435 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 is vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-49434 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49433 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49432 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49431 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-49430 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49429 CRITICAL POC Act Now

Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection SQLi Tenda Ax9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-49437 CRITICAL POC Act Now

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-49428 CRITICAL POC Act Now

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-49426 CRITICAL POC Act Now

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49425 CRITICAL POC Act Now

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49424 CRITICAL POC Act Now

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48860 CRITICAL POC Act Now

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE N300Rt Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-48823 CRITICAL POC Act Now

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Courier Management System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-35039 CRITICAL Act Now

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.0.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Password Reset With Code For Wordpress Rest Api
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40301 CRITICAL Act Now

NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ngeniuspulse
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-40300 CRITICAL Act Now

NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ngeniuspulse
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39169 CRITICAL Act Now

The affected devices use publicly available default credentials with administrative privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Senec Storage Box Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50164 CRITICAL PATCH Act Now

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal RCE Information Disclosure File Upload Struts
NVD
CVSS 3.1
9.8
EPSS
80.8%
CVE-2023-41913 CRITICAL Act Now

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Strongswan
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-35618 CRITICAL PATCH Act Now

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
9.6
EPSS
2.9%
CVE-2023-40302 CRITICAL Act Now

NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ngeniuspulse
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-39172 CRITICAL Act Now

The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Senec Storage Box Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy