Skip to main content
CVE-2023-49085 HIGH POC THREAT Act Now

Cacti provides an operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Cacti
NVD GitHub
CVSS 3.1
8.8
EPSS
84.6%
CVE-2023-51035 CRITICAL POC Act Now

TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-51034 CRITICAL POC Act Now

TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ex1200L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-51033 CRITICAL POC Act Now

TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51022 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51021 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51020 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51019 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51018 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51017 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51016 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51015 CRITICAL POC Act Now

TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51014 CRITICAL POC Act Now

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51013 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51012 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51011 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-50708 CRITICAL POC PATCH Act Now

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yii2 Authclient
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-50147 CRITICAL POC Act Now

There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-51028 CRITICAL POC Act Now

TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51027 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51026 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51025 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51024 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51023 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-49689 CRITICAL POC Act Now

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Job Portal
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-49688 CRITICAL POC Act Now

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Job Portal
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-50731 CRITICAL POC PATCH Act Now

MindsDB is a SQL Server for artificial intelligence. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mindsdb
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-51387 HIGH POC PATCH This Week

Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Hertzbeat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-50714 HIGH POC PATCH This Week

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack CSRF Yii2 Authclient
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-51448 HIGH POC This Week

Cacti provides an operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD GitHub
CVSS 3.1
8.8
EPSS
9.0%
CVE-2023-7053 HIGH POC This Week

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Brute Force Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-51661 HIGH POC PATCH This Week

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Wasmer
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-50254 HIGH POC PATCH This Week

Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Deepin Reader
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-43116 HIGH POC PATCH This Week

A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Elastic Information Disclosure Elastic Ci Stack
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-51650 HIGH POC This Week

Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Hertzbeat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-51449 HIGH POC PATCH This Week

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Gradio
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2023-49391 HIGH POC This Week

An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-49356 HIGH POC This Week

A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Mp3Gain
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-24609 HIGH POC This Week

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Matrixssl Tls Toolkit
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-51713 HIGH POC This Week

make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Proftpd
NVD GitHub
CVSS 3.1
7.5
EPSS
4.2%
CVE-2023-42465 HIGH POC PATCH This Week

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Authentication Bypass Sudo
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-43741 HIGH POC PATCH This Week

A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Elastic Authentication Bypass Elastic Ci Stack
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-50250 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-7075 MEDIUM POC This Month

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Point Of Sales And Inventory Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-7057 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Faculty Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-51704 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-49792 CRITICAL PATCH Act Now

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-42017 CRITICAL Act Now

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload IBM Planning Analytics
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-7058 CRITICAL Act Now

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Simple Student Attendance System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-51707 CRITICAL Act Now

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Arrayos Ag
NVD
CVSS 3.1
9.8
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy