Skip to main content
CVE-2023-50991 HIGH POC THREAT Act Now

Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Buffer Overflow Tenda Denial Of Service I29 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
12.9%
CVE-2023-39296 HIGH POC This Week

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Qnap Qts Quts Hero
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-0247 HIGH POC This Week

A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2023-41288 HIGH This Week

An OS command injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Video Station
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-52150 HIGH This Week

CSRF in Dynamic Content for Elementor plugin before 2.12.5.

CSRF Elementor
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-34326 HIGH This Week

The caching invalidation guidelines from the AMD-Vi specification (48882-Rev 3.07-PUB-Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Xen
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-34325 HIGH PATCH This Week

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Xen
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-34322 HIGH This Week

For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-52143 HIGH This Week

Information exposure in WP Stripe Checkout plugin through 1.2.2.37.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-51502 HIGH This Week

Authorization bypass via user-controlled key in WooCommerce Stripe Payment Gateway plugin.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-47560 HIGH This Week

An OS command injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qumagie
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-21642 HIGH PATCH This Month

D-Tale is a visualizer for Pandas data structures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF D Tale
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy