2024-01-08
2024-01-08 20:15Z
HIGH

CVE-2023-47890 — Pyload Pyload: 0.5.0 is vulnerable to Unrestricted File Upload.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-47890

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. CVSSv3.1 8.8 (HIGH) · EPSS 61th percentile

CWECWE 22VNDPyloadTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-01-03
2024-01-03 15:15Z
HIGH

CVE-2023-45559 — Linecorp Line: An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-45559

An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. CVSSv3.1 8.2 (HIGH) · EPSS 39th percentile

VNDLinecorpVNDTamaki HamanokiTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2024-01-03
2024-01-03 06:15Z
HIGH

CVE-2023-6600 — Daan Omgf: plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6600

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. PLease CVSSv3.1 8.6 (HIGH) · EPSS 40th percentile

CWECWE 862CWECWE 79VNDDaanVNDOmgfTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2024-01-02
2024-01-02 21:15Z
CRIT

CVE-2023-47458 — Bladex Springblade: An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-47458

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile

CWECWE 862VNDBladexVNDSpringbladeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-01-02
2024-01-02 13:15Z
CRIT

CVE-2023-6436 — Ekolbilisim Web_sablonu_yazilimi: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6436

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDEkolbilisimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-30
2023-12-30 17:15Z
CRIT

CVE-2023-50651 — Totolink X6000r_firmware: X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile

CWECWE 78VNDTotolinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-12-29
2023-12-29 15:15Z
CRIT

CVE-2023-4675 — Gmbilisim Multi-disciplinary_design_optimization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4675

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 9.8 (CRITICAL) · EPSS 25th percentile

CWECWE 89VNDGmbilisimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-12-29
2023-12-29 15:15Z
CRIT

CVE-2023-4541 — Ween Management_panel: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4541

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDWeenTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-28
2023-12-28 15:15Z
HIGH

CVE-2023-46987 — Seacms Seacms: v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-46987

SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. CVSSv3.1 8.8 (HIGH) · EPSS 72th percentile

CWECWE 94VNDSeacmsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-12-28
2023-12-28 10:15Z
CRIT

CVE-2023-4671 — Talentyazilim Ecop: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4671

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection. This issue affects ECOP: before 32255. CVSSv3.1 9.8 (CRITICAL) · EPSS 21th percentile

CWECWE 89VNDTalentyazilimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-27
2023-12-27 23:15Z
CRIT

CVE-2023-6879 — Aomedia Aomedia: Increasing the resolution of video frames, while performing a multi-threaded encode, can result in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6879

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). CVSSv3.1 9.0 (CRITICAL) · EPSS 63th percentile

CWECWE 20CWECWE 787VNDFedoraprojectVNDAomediaTYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2023-12-27
2023-12-27 15:15Z
CRIT

CVE-2023-6190 — Ikcu University_information_management_system: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6190

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023. CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDIkcuTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-23
2023-12-23 02:15Z
HIGH

CVE-2023-7002 — Backupbliss Backup_migration: The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-7002

The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. CVSSv3.1 7.2 (HIGH) · EPSS 96th percentile

CWECWE 78VNDBackupblissVNDBackupTYPVulnerability
7.2
CVSS v3.1
93
Edit Score
2023-12-23
2023-12-23 02:15Z
CRIT

CVE-2023-6972 — Backupbliss Backup_migration: The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6972

The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 95th percentile

CWECWE 22VNDBackupblissVNDBackupTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-12-21
2023-12-21 14:15Z
CRIT

CVE-2023-6145 — Softomi Advanced_c2c_marketplace_software: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6145

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDSoftomiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50992 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50992

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50990 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50990

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50989 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50989

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 77VNDTendaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50988 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50988

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50987 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50987

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50986 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50986

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 120CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50985 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50985

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50984 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50984

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50983 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50983

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 77VNDTendaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-12-18
2023-12-18 16:15Z
MED

CVE-2023-48795 — Openbsd Openssh: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extension CVSSv3.1 5.9 (MEDIUM) · EPSS 98th percentile

CWECWE 354VNDPuttyVNDFilezilla ProjectVNDPanicTYPVulnerability
5.9
CVSS v3.1
96
Edit Score