Skip to main content
CVE-2023-31446 CRITICAL POC THREAT Emergency

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

Command Injection Xc1000 Firmware Xc2000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
92.7%
Threat
6.2
CVE-2023-51123 CRITICAL POC THREAT Emergency

An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.6%.

Command Injection RCE D-Link Dir 815 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
49.6%
Threat
4.9
CVE-2023-48728 CRITICAL POC THREAT Emergency

A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.4%.

XSS Avideo
NVD
CVSS 3.1
9.6
EPSS
17.4%
CVE-2023-51126 CRITICAL Act Now

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.3% and no vendor patch available.

Command Injection PHP Flir Ax8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
25.3%
CVE-2023-51972 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-26629 CRITICAL POC Act Now

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-49599 CRITICAL POC Act Now

An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Avideo
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51970 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51969 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51968 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51967 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51962 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51963 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-51965 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51964 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51960 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51959 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51958 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51957 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51956 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51954 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51953 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51952 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51966 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51961 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51971 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-51955 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Tenda Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-52064 CRITICAL POC Act Now

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wuzhicms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-47861 CRITICAL POC Act Now

A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Avideo
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2023-31488 CRITICAL Act Now

Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Memory Corruption Ironport Email Security Appliance +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-47862 CRITICAL Act Now

A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Avideo
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-40414 CRITICAL Act Now

A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Apple Safari +6
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2022-46025 CRITICAL PATCH Act Now

Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass N200Re V5 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2024-21638 CRITICAL PATCH This Week

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Azure Ipam
NVD GitHub
CVSS 3.1
9.1
EPSS
3.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy