Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-4737 — Hedeftakip Admin_portal: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 37th percentile
CVE-2023-43234 — Dedebiz Dedebiz: v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. CVSSv3.1 9.8 (CRITICAL) · EPSS 59th percentile
CVE-2023-35071 — Mrv Logging_administration_panel: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 . CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile
CVE-2023-43278 — Seacms Seacms: A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. CVSSv3.1 8.8 (HIGH) · EPSS 20th percentile
CVE-2023-43141 — Totolink A3700r_firmware: A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile
CVE-2023-34576 — Store-opart Op\'art_product_faq: SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector. CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile
CVE-2023-34575 — Store-opart Op\'art_save_cart: SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary
SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile
CVE-2023-38888 — Dolibarr Dolibarr_erp\/crm: Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject. CVSSv3.1 9.6 (CRITICAL) · EPSS 64th percentile
CVE-2023-38887 — Dolibarr Dolibarr_erp\/crm: File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2023-38886 — Dolibarr Dolibarr_erp\/crm: An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. CVSSv3.1 7.2 (HIGH) · EPSS 98th percentile
CVE-2023-40933 — Nagios Nagios_xi: A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. CVSSv3.1 8.8 (HIGH) · EPSS 92th percentile
CVE-2023-40931 — Nagios Nagios_xi: A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php CVSSv3.1 6.5 (MEDIUM) · EPSS 96th percentile
CVE-2023-4994 — Hitreach Allow_php_in_posts_and_pages: The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote
The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. CVSSv3.1 9.9 (CRITICAL) · EPSS 79th percentile
CVE-2023-4835 — Petroleum_management_software_application_project Petroleum_management_software_application: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulner
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912 . CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile
CVE-2023-4833 — Besttem_network_marketing_project Besttem_network_marketing: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing Software: before 1.0.2309.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile
CVE-2023-4665 — Adobe Connect: Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2023-4664 — Adobe Connect: Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile
CVE-2023-4662 — Adobe Connect: Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9. CVSSv3.1 9.8 (CRITICAL) · EPSS 73th percentile
CVE-2023-4661 — Adobe Connect: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile
CVE-2023-4670 — Innosa_probbys_project Innosa_probbys: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile
CVE-2023-4231 — Cevik Informatics_online_payment_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection. This issue affects Online Payment System: before 4.09. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile
CVE-2023-4830 — Turaconsulting Signalix: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection. This issue affects Signalix: 7T_0228. CVSSv3.1 9.8 (CRITICAL)
CVE-2023-4673 — Sanalogi Turasistan: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911 . CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile
CVE-2023-4972 — Yepas Digital_yepas: Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects Digital Yepas: before 1.0.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 43th percentile
CVE-2023-4702 — Yepas Digital_yepas: Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass. This issue affects Digital Yepas: before 1.0.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 18th percentile