2023-09-27
2023-09-27 15:19Z
CRIT

CVE-2023-4737 — Hedeftakip Admin_portal: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4737

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 37th percentile

CWECWE 89VNDHedeftakipTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-27
2023-09-27 15:19Z
CRIT

CVE-2023-43234 — Dedebiz Dedebiz: v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-43234

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. CVSSv3.1 9.8 (CRITICAL) · EPSS 59th percentile

CWECWE 94VNDDedebizTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-27
2023-09-27 15:18Z
CRIT

CVE-2023-35071 — Mrv Logging_administration_panel: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-35071

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 . CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile

CWECWE 89VNDMrvTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-25
2023-09-25 23:15Z
HIGH

CVE-2023-43278 — Seacms Seacms: A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-43278

A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. CVSSv3.1 8.8 (HIGH) · EPSS 20th percentile

CWECWE 352VNDSeacmsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-09-25
2023-09-25 16:15Z
CRIT

CVE-2023-43141 — Totolink A3700r_firmware: A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-43141

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile

CWECWE 284VNDTotolinkTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-21
2023-09-21 20:15Z
CRIT

CVE-2023-34576 — Store-opart Op\'art_product_faq: SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-34576

SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector. CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile

CWECWE 89VNDStore OpartTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-20
2023-09-20 22:15Z
CRIT

CVE-2023-34575 — Store-opart Op\'art_save_cart: SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-34575

SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile

CWECWE 89VNDStore OpartTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-09-20
2023-09-20 01:15Z
CRIT

CVE-2023-38888 — Dolibarr Dolibarr_erp\/crm: Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-38888

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject. CVSSv3.1 9.6 (CRITICAL) · EPSS 64th percentile

CWECWE 79VNDDolibarrTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2023-09-20
2023-09-20 01:15Z
HIGH

CVE-2023-38887 — Dolibarr Dolibarr_erp\/crm: File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-38887

File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile

CWECWE 434VNDDolibarrTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-09-20
2023-09-20 01:15Z
HIGH

CVE-2023-38886 — Dolibarr Dolibarr_erp\/crm: An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-38886

An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. CVSSv3.1 7.2 (HIGH) · EPSS 98th percentile

CWECWE 78VNDDolibarrTYPVulnerability
7.2
CVSS v3.1
96
Edit Score
2023-09-19
2023-09-19 23:15Z
HIGH

CVE-2023-40933 — Nagios Nagios_xi: A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-40933

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. CVSSv3.1 8.8 (HIGH) · EPSS 92th percentile

CWECWE 89VNDNagiosTYPVulnerability
8.8
CVSS v3.1
96
Edit Score
2023-09-19
2023-09-19 23:15Z
MED

CVE-2023-40931 — Nagios Nagios_xi: A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-40931

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php CVSSv3.1 6.5 (MEDIUM) · EPSS 96th percentile

CWECWE 89VNDNagiosTYPVulnerability
6.5
CVSS v3.1
87
Edit Score
2023-09-16
2023-09-16 02:15Z
CRIT

CVE-2023-4994 — Hitreach Allow_php_in_posts_and_pages: The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4994

The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. CVSSv3.1 9.9 (CRITICAL) · EPSS 79th percentile

CWECWE 94VNDHitreachVNDAllowTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2023-09-15
2023-09-15 09:15Z
CRIT

CVE-2023-4835 — Petroleum_management_software_application_project Petroleum_management_software_application: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulner

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4835

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Software: before 20230912 . CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDPetroleum Management Software Application ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-15
2023-09-15 09:15Z
CRIT

CVE-2023-4833 — Besttem_network_marketing_project Besttem_network_marketing: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4833

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing Software: before 1.0.2309.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDBesttem Network Marketing ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-15
2023-09-15 09:15Z
HIGH

CVE-2023-4665 — Adobe Connect: Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4665

Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile

CWECWE 732CWECWE 279VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-09-15
2023-09-15 09:15Z
HIGH

CVE-2023-4664 — Adobe Connect: Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4664

Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile

CWECWE 276VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-09-15
2023-09-15 09:15Z
CRIT

CVE-2023-4662 — Adobe Connect: Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4662

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9. CVSSv3.1 9.8 (CRITICAL) · EPSS 73th percentile

CWECWE 269CWECWE 250VNDAdobeVNDExecutionTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-15
2023-09-15 09:15Z
CRIT

CVE-2023-4661 — Adobe Connect: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4661

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile

CWECWE 89VNDAdobeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-15
2023-09-15 08:15Z
CRIT

CVE-2023-4670 — Innosa_probbys_project Innosa_probbys: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4670

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDInnosa Probbys ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-15
2023-09-15 08:15Z
CRIT

CVE-2023-4231 — Cevik Informatics_online_payment_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4231

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection. This issue affects Online Payment System: before 4.09. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDCevikTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-15
2023-09-15 06:15Z
CRIT

CVE-2023-4830 — Turaconsulting Signalix: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4830

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection. This issue affects Signalix: 7T_0228. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDTuraconsultingTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-15
2023-09-15 06:15Z
CRIT

CVE-2023-4673 — Sanalogi Turasistan: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4673

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911 . CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDSanalogiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-14
2023-09-14 20:15Z
CRIT

CVE-2023-4972 — Yepas Digital_yepas: Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4972

Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects Digital Yepas: before 1.0.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 43th percentile

CWECWE 648VNDYepasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-14
2023-09-14 20:15Z
CRIT

CVE-2023-4702 — Yepas Digital_yepas: Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4702

Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass. This issue affects Digital Yepas: before 1.0.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 18th percentile

CWECWE 288CWECWE 306VNDYepasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score