Skip to main content
CVE-2023-31446 CRITICAL POC THREAT Emergency

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

Command Injection Xc1000 Firmware Xc2000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
92.7%
Threat
6.2
CVE-2023-51123 CRITICAL POC THREAT Emergency

An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.6%.

Command Injection RCE D-Link Dir 815 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
49.6%
Threat
4.9
CVE-2023-41974 HIGH POC KEV THREAT Act Now

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption RCE Use After Free Apple Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
Threat
4.6
CVE-2023-48728 CRITICAL POC THREAT Emergency

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.4%.

XSS Avideo
NVD
CVSS 3.1
9.6
EPSS
17.4%
CVE-2023-49471 HIGH POC THREAT Act Now

Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

SSRF RCE Bar Assistant
NVD GitHub
CVSS 3.1
8.8
EPSS
13.0%
CVE-2023-51126 CRITICAL Act Now

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.3% and no vendor patch available.

Command Injection PHP Flir Ax8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
25.3%
CVE-2023-51972 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-26629 CRITICAL POC Act Now

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-49599 CRITICAL POC Act Now

An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Avideo
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51970 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51969 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51968 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51967 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51962 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51963 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51965 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51964 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51960 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51959 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51958 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51957 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51956 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51954 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51953 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51952 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51966 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51961 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51971 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51955 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-52064 CRITICAL POC Act Now

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wuzhicms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-47861 CRITICAL POC Act Now

A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Avideo
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2023-49589 HIGH POC This Week

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Avideo
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-49738 HIGH POC This Week

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Avideo
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-45139 HIGH POC PATCH This Week

fontTools is a library for manipulating fonts, written in Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python XXE Fonttools
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-48864 HIGH POC This Week

SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Semcms
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-49810 HIGH POC This Week

A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Avideo
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-50916 HIGH POC This Week

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Device Manager Windows
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2023-49864 MEDIUM POC This Month

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Avideo
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-49863 MEDIUM POC This Month

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Avideo
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-49862 MEDIUM POC This Month

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Avideo
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-47171 MEDIUM POC This Month

An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Avideo
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-47997 MEDIUM POC This Month

An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeimage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2020-26628 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hospital Management System
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-49394 MEDIUM POC This Month

Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Zentao
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-31488 CRITICAL Act Now

Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Memory Corruption Ironport Email Security Appliance +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-47862 CRITICAL Act Now

A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Avideo
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-40414 CRITICAL Act Now

A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Apple Safari +6
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-50120 MEDIUM POC This Month

MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-41056 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow RCE Redis Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
6.8%
CVE-2022-46025 CRITICAL PATCH Act Now

Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass N200Re V5 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.7%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy