Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-47890 — Pyload Pyload: 0.5.0 is vulnerable to Unrestricted File Upload.
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. CVSSv3.1 8.8 (HIGH) · EPSS 61th percentile
CVE-2023-45559 — Linecorp Line: An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage
An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. CVSSv3.1 8.2 (HIGH) · EPSS 39th percentile
CVE-2023-6600 — Daan Omgf: plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. PLease CVSSv3.1 8.6 (HIGH) · EPSS 40th percentile
CVE-2023-47458 — Bladex Springblade: An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile
CVE-2023-6436 — Ekolbilisim Web_sablonu_yazilimi: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215. CVSSv3.1 9.8 (CRITICAL)
CVE-2023-50651 — Totolink X6000r_firmware: X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via
TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile
CVE-2023-4675 — Gmbilisim Multi-disciplinary_design_optimization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 9.8 (CRITICAL) · EPSS 25th percentile
CVE-2023-4541 — Ween Management_panel: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile
CVE-2023-46987 — Seacms Seacms: v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. CVSSv3.1 8.8 (HIGH) · EPSS 72th percentile
CVE-2023-4671 — Talentyazilim Ecop: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. This issue affects ECOP: before 32255. CVSSv3.1 9.8 (CRITICAL) · EPSS 21th percentile
CVE-2023-6879 — Aomedia Aomedia: Increasing the resolution of video frames, while performing a multi-threaded encode, can result in
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). CVSSv3.1 9.0 (CRITICAL) · EPSS 63th percentile
CVE-2023-6190 — Ikcu University_information_management_system: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023. CVSSv3.1 9.8 (CRITICAL)
CVE-2023-7002 — Backupbliss Backup_migration: The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all
The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. CVSSv3.1 7.2 (HIGH) · EPSS 96th percentile
CVE-2023-6972 — Backupbliss Backup_migration: The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 95th percentile
CVE-2023-6145 — Softomi Advanced_c2c_marketplace_software: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile
CVE-2023-50992 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50990 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50989 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile
CVE-2023-50988 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50987 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50986 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50985 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50984 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50983 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile
CVE-2023-48795 — Openbsd Openssh: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extension CVSSv3.1 5.9 (MEDIUM) · EPSS 98th percentile