2024-01-11
2024-01-11 04:15Z
HIGH

CVE-2023-5448 — Aviplugins Wp_register_profile_with_shortcode: The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5448

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for unauthenticated attackers to reset a user's password via a forged request granted they can trick the user into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile

CWECWE 352VNDAvipluginsVNDRegisterTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-01-09
2024-01-09 02:15Z
CRIT

CVE-2023-26999 — Netscout Ngeniusone: An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-26999

An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. CVSSv3.1 9.8 (CRITICAL) · EPSS 69th percentile

CWECWE 611VNDNetscoutTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-01-09
2024-01-09 01:15Z
CRIT

CVE-2023-50643 — Evernote Evernote: An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50643

An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. CVSSv3.1 9.8 (CRITICAL) · EPSS 80th percentile

VNDEvernoteTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2024-01-08
2024-01-08 20:15Z
HIGH

CVE-2023-47890 — Pyload Pyload: 0.5.0 is vulnerable to Unrestricted File Upload.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-47890

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. CVSSv3.1 8.8 (HIGH) · EPSS 61th percentile

CWECWE 22VNDPyloadTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-01-03
2024-01-03 15:15Z
HIGH

CVE-2023-45559 — Linecorp Line: An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-45559

An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. CVSSv3.1 8.2 (HIGH) · EPSS 39th percentile

VNDLinecorpVNDTamaki HamanokiTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2024-01-03
2024-01-03 06:15Z
HIGH

CVE-2023-6600 — Daan Omgf: plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6600

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. PLease CVSSv3.1 8.6 (HIGH) · EPSS 40th percentile

CWECWE 862CWECWE 79VNDDaanVNDOmgfTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2024-01-02
2024-01-02 21:15Z
CRIT

CVE-2023-47458 — Bladex Springblade: An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-47458

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile

CWECWE 862VNDBladexVNDSpringbladeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-01-02
2024-01-02 13:15Z
CRIT

CVE-2023-6436 — Ekolbilisim Web_sablonu_yazilimi: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6436

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDEkolbilisimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-30
2023-12-30 17:15Z
CRIT

CVE-2023-50651 — Totolink X6000r_firmware: X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile

CWECWE 78VNDTotolinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-12-29
2023-12-29 15:15Z
CRIT

CVE-2023-4675 — Gmbilisim Multi-disciplinary_design_optimization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4675

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 9.8 (CRITICAL) · EPSS 25th percentile

CWECWE 89VNDGmbilisimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-29
2023-12-29 15:15Z
CRIT

CVE-2023-4541 — Ween Management_panel: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4541

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDWeenTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-28
2023-12-28 15:15Z
HIGH

CVE-2023-46987 — Seacms Seacms: v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-46987

SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. CVSSv3.1 8.8 (HIGH) · EPSS 72th percentile

CWECWE 94VNDSeacmsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-12-28
2023-12-28 10:15Z
CRIT

CVE-2023-4671 — Talentyazilim Ecop: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4671

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. This issue affects ECOP: before 32255. CVSSv3.1 9.8 (CRITICAL) · EPSS 21th percentile

CWECWE 89VNDTalentyazilimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-27
2023-12-27 23:15Z
CRIT

CVE-2023-6879 — Aomedia Aomedia: Increasing the resolution of video frames, while performing a multi-threaded encode, can result in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6879

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). CVSSv3.1 9.0 (CRITICAL) · EPSS 63th percentile

CWECWE 20CWECWE 787VNDFedoraprojectVNDAomediaTYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2023-12-27
2023-12-27 15:15Z
CRIT

CVE-2023-6190 — Ikcu University_information_management_system: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6190

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023. CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDIkcuTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-23
2023-12-23 02:15Z
HIGH

CVE-2023-7002 — Backupbliss Backup_migration: The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-7002

The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. CVSSv3.1 7.2 (HIGH) · EPSS 96th percentile

CWECWE 78VNDBackupblissVNDBackupTYPVulnerability
7.2
CVSS v3.1
93
Edit Score
2023-12-23
2023-12-23 02:15Z
CRIT

CVE-2023-6972 — Backupbliss Backup_migration: The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6972

The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 95th percentile

CWECWE 22VNDBackupblissVNDBackupTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-12-21
2023-12-21 14:15Z
CRIT

CVE-2023-6145 — Softomi Advanced_c2c_marketplace_software: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6145

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDSoftomiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50992 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50992

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50990 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50990

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50989 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50989

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 77VNDTendaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50988 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50988

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50987 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50987

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50986 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50986

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 120CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50985 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50985

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score