2023-10-19
2023-10-19 13:15Z
CRIT

CVE-2022-37830 — Webjet Webjet_cms: Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-37830

Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). CVSSv3.1 9.6 (CRITICAL) · EPSS 47th percentile

CWECWE 79VNDWebjetVNDInterwayTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2023-10-19
2023-10-19 06:15Z
CRIT

CVE-2023-5241 — Quantumcloud Wpbot: The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5241

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php. CVSSv3.1 9.6 (CRITICAL) · EPSS 85th percentile

CWECWE 22VNDQuantumcloudVNDChatbotTYPVulnerability
9.6
CVSS v3.1
99
Edit Score
2023-10-19
2023-10-19 06:15Z
CRIT

CVE-2023-5212 — Quantumcloud Wpbot: The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5212

The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3. CVSSv3.1 9.6 (CRITICAL) · EPSS 54th percentile

CWECWE 22VNDQuantumcloudVNDChatbotTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2023-10-19
2023-10-19 06:15Z
CRIT

CVE-2023-5204 — Quantumcloud Wpbot: The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5204

The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 89VNDQuantumcloudVNDChatbotTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-10-19
2023-10-19 02:15Z
HIGH

CVE-2023-5336 — Ipanorama_360_wordpress_virtual_tour_builder_project Ipanorama_360_wordpress_virtual_tour_builder: The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5336

The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract s CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile

CWECWE 89VNDWordpressVNDIpanorama 360 Wordpress Virtual Tour Builder ProjectTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-10-18
2023-10-18 04:15Z
CRIT

CVE-2023-38545 — Haxx Libcurl: When curl is asked to pass along the host name to the SOCKS5 proxy

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-38545

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host reso CVSSv3.1 9.8 (CRITICAL) · EPSS 96th percentile

CWECWE 787VNDFedoraprojectVNDNetappVNDHaxxTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-10-12
2023-10-12 12:15Z
CRIT

CVE-2023-5046 — Biltay Procost: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5046

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390. CVSSv3.1 9.8 (CRITICAL) · EPSS 21th percentile

CWECWE 89VNDBiltayTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-10-12
2023-10-12 12:15Z
CRIT

CVE-2023-5045 — Biltay Kayisi: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5045

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286. CVSSv3.1 9.8 (CRITICAL) · EPSS 21th percentile

CWECWE 89VNDBiltayTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-10-10
2023-10-10 14:15Z
HIGH

CVE-2023-44487 — Ietf Http: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-44487in the wild

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVSSv3.1 7.5 (HIGH) · EPSS 100th percentile

CWECWE 400VNDIetfVNDNghttp2VNDNettyVNDEnvoyproxyTYPVulnerabilitySTAitw exploited
7.5
CVSS v3.1
100
Edit Score
2023-10-07
2023-10-07 01:15Z
CRIT

CVE-2023-45199 — Trustedfirmware Mbed_tls: Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-45199

Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile

CWECWE 120VNDMbedVNDTrustedfirmwareTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-10-06
2023-10-06 10:15Z
CRIT

CVE-2023-4530 — Turnatasarim Advertising_administration_panel: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4530

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 20th percentile

CWECWE 89VNDTurnatasarimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-10-04
2023-10-04 12:15Z
CRIT

CVE-2023-44208 — Acronis Cyber_protect_home_office: Sensitive information disclosure and manipulation due to missing authorization.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-44208

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575. CVSSv3.1 9.1 (CRITICAL) · EPSS 37th percentile

CWECWE 862VNDAcronisTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2023-10-04
2023-10-04 12:15Z
HIGH

CVE-2023-43261 — Milesight Ur5x_firmware: An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-43261

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. CVSSv3.1 7.5 (HIGH) · EPSS 99th percentile

CWECWE 532VNDMilesightTYPVulnerability
7.5
CVSS v3.1
100
Edit Score
2023-10-03
2023-10-03 21:33Z
CRIT

RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)

Assetnote·blog.assetnote.ioCVE-2023-40044

Progress WS_FTP Ad Hoc contains a remote code execution vulnerability (CVE-2023-40044) exploitable through IIS HTTP modules. The vulnerability allows unauthenticated attackers to achieve RCE on affected systems running the vulnerable WS_FTP Ad Hoc product.

SRFApplicationTACTA0001TACTA0002SRFWebVNDMicrosoftVNDProgressTYPResearchTYPWriteup
78
Edit Score
2023-10-03
2023-10-03 21:15Z
HIGH

CVE-2023-43176 — Afterlogic Aurora_files: A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-43176

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. CVSSv3.1 8.8 (HIGH) · EPSS 75th percentile

CWECWE 502VNDAfterlogicTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2023-10-03
2023-10-03 18:15Z
HIGH

CVE-2023-4911 — Netapp Bootstrap_os: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4911in the wild

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. CVSSv3.1 7.8 (HIGH) · EPSS 99th percentile

CWECWE 787CWECWE 122VNDGnuVNDFedoraprojectVNDNetappTYPVulnerabilitySTAitw exploited
7.8
CVSS v3.1
100
Edit Score
2023-10-01
2023-10-01 23:43Z
INFO

v1.0.0

NetExec releases·github.com

NetExec v1.0.0 released as a stable baseline version following the project rename. The release includes bug fixes for WMI admin checks, WinRM conditions, WebDAV module exception handling, LDAP logging crashes, and encoding errors. Windows binaries are now provided alongside the traditional Linux installation method.

SRFNetworkVNDNetexecTYPToolSTGDiscoverySTGInitial AccessSTGCred Access
45
Edit Score
2023-09-30
2023-09-30 03:15Z
CRIT

CVE-2023-5201 — Rickbeckman Openhook: The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5201

The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site. CVSSv3.1 9.9 (CRITICAL) · EPSS 92th percentile

CWECWE 94VNDRickbeckmanVNDOpenhookTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2023-09-28
2023-09-28 03:15Z
HIGH

CVE-2023-41450 — Phpkobo Ajaxnewsticker: An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-41450

An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile

CWECWE 94VNDPhpkoboVNDAjaxnewstickerTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-09-27
2023-09-27 23:15Z
HIGH

CVE-2023-41452 — Phpkobo Ajaxnewsticker: Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-41452

Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. CVSSv3.1 8.8 (HIGH) · EPSS 44th percentile

CWECWE 352VNDPhpkoboTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-09-27
2023-09-27 23:15Z
CRIT

CVE-2023-41449 — Phpkobo Ajaxnewsticker: An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-41449

An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile

CWECWE 918VNDPhpkoboVNDAjaxnewstickerTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-27
2023-09-27 19:55Z
INFO

Volatility 3 2.5.0

Volatility3 releases·github.com

Volatility 3 version 2.5.0 released with new Linux capabilities plugin, Linux process dumping support, Xen ELF file format support, and improved Linux subsystem support. Release includes documentation tutorials and core API improvements.

SRFOsVNDVolatilityTYPToolSTGDiscovery
35
Edit Score
2023-09-27
2023-09-27 15:19Z
HIGH

CVE-2023-4934 — Usta Aybs: Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4934

Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3. CVSSv3.1 8.8 (HIGH) · EPSS 22th percentile

CWECWE 639VNDUstaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-09-27
2023-09-27 15:19Z
CRIT

CVE-2023-4737 — Hedeftakip Admin_portal: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4737

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 37th percentile

CWECWE 89VNDHedeftakipTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-27
2023-09-27 15:19Z
CRIT

CVE-2023-43234 — Dedebiz Dedebiz: v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-43234

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. CVSSv3.1 9.8 (CRITICAL) · EPSS 59th percentile

CWECWE 94VNDDedebizTYPVulnerability
9.8
CVSS v3.1
99
Edit Score