Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-50992 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50990 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50989 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile
CVE-2023-50988 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50987 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50986 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50985 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50984 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-50983 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile
CVE-2023-48795 — Openbsd Openssh: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extension CVSSv3.1 5.9 (MEDIUM) · EPSS 98th percentile
CVE-2023-50918 — Misp-project Misp: app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile
CVE-2023-6553 — Backupbliss Backup_migration: The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2023-47326 — Silverpeas Silverpeas: Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. CVSSv3.1 8.8 (HIGH) · EPSS 31th percentile
CVE-2023-47322 — Silverpeas Silverpeas: The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application. CVSSv3.1 8.8 (HIGH) · EPSS 32th percentile
CVE-2023-47320 — Silverpeas Silverpeas: Core 6.3.1 is vulnerable to Incorrect Access Control.
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below. CVSSv3.1 8.1 (HIGH) · EPSS 50th percentile
CVE-2023-33413 — Supermicro M11sdv-4c-ln4f_firmware: The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC)
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. CVSSv3.1 8.8 (HIGH) · EPSS 59th percentile
CVE-2023-33412 — Supermicro M11sdv-4c-ln4f_firmware: The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC)
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2023-43303 — Linecorp Line: An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send
An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token (via captured network traffic). CVSSv3.1 8.2 (HIGH) · EPSS 41th percentile
CVE-2023-5636 — Arslansoft_education_portal_project Arslansoft_education_portal: Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 66th percentile
CVE-2023-5634 — Arslansoft_education_portal_project Arslansoft_education_portal: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 30th percentile
CVE-2023-40600 — Ewww Image_optimizer: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0. CVSSv3.1 5.3 (MEDIUM) · EPSS 98th percentile
CVE-2023-23325 — Zumtobel Netlink_ccd_firmware: Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter. CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile
CVE-2023-23324 — Zumtobel Netlink_ccd_firmware: Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-48193 — Fit2cloud Jumpserver: Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files. CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile
CVE-2023-6201 — Univera Panorama: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: before 8.0. CVSSv3.1 8.8 (HIGH)