Skip to main content
CVE-2023-51467 CRITICAL POC PATCH THREAT Act Now

The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

RCE SSRF Ofbiz
NVD
CVSS 3.1
9.8
EPSS
96.0%
CVE-2023-5991 CRITICAL POC Act Now

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress CSRF Hotel Booking Lite
NVD WPScan
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-51102 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-51101 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-51100 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-51099 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-51098 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-51097 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-51094 CRITICAL POC Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-51093 CRITICAL POC Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-51092 CRITICAL POC THREAT Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.9%
CVE-2023-51091 CRITICAL POC Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.5%
CVE-2023-51090 CRITICAL POC Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-51095 CRITICAL POC Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-7111 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy