2023-09-15
2023-09-15 06:15Z
CRIT

CVE-2023-4673 — Sanalogi Turasistan: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4673

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911 . CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDSanalogiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-14
2023-09-14 20:15Z
CRIT

CVE-2023-4972 — Yepas Digital_yepas: Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4972

Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects Digital Yepas: before 1.0.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 43th percentile

CWECWE 648VNDYepasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-14
2023-09-14 20:15Z
CRIT

CVE-2023-4702 — Yepas Digital_yepas: Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4702

Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass. This issue affects Digital Yepas: before 1.0.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 18th percentile

CWECWE 288CWECWE 306VNDYepasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-14
2023-09-14 19:16Z
CRIT

CVE-2023-4766 — Movus Movus: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4766

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection. This issue affects Movus: before 20230913. CVSSv3.1 9.8 (CRITICAL) · EPSS 35th percentile

CWECWE 89VNDMovusTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-14
2023-09-14 19:16Z
CRIT

CVE-2023-4669 — Exagate Sysguard_3001_firmware: Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4669

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 23th percentile

CWECWE 287CWECWE 302VNDExagateTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-14
2023-09-14 18:15Z
CRIT

CVE-2023-4832 — Acekaholding Company_management: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4832

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection. This issue affects Company Management: before 3072 . CVSSv3.1 9.8 (CRITICAL) · EPSS 35th percentile

CWECWE 89VNDAcekaholdingTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-13
2023-09-13 03:15Z
HIGH

CVE-2023-4916 — Idehweb Login_with_phone_number: The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4916

The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 34th percentile

CWECWE 352VNDIdehwebVNDLoginTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-09-13
2023-09-13 03:15Z
HIGH

CVE-2023-4213 — Mikevanwinkle Simplr_registration_form_plus\+: The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4213

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts. CVSSv3.1 8.8 (HIGH) · EPSS 18th percentile

CWECWE 639VNDMikevanwinkleVNDSimplrTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-09-13
2023-09-13 03:15Z
HIGH

CVE-2023-4153 — Webmedia Ban_users: The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4153

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify the plugin settings to access the ban and unban functionality and set the role of the unbanned user. CVSSv3.1 8.8 (HIGH) · EPSS 29th percentile

CWECWE 266VNDWebmediaVNDBanTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-09-12
2023-09-12 12:15Z
CRIT

CVE-2023-39637 — Dlink Dir-816_firmware: D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-39637

D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. CVSSv3.1 9.8 (CRITICAL) · EPSS 80th percentile

CWECWE 77VNDDlinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-09-08
2023-09-08 03:15Z
CRIT

CVE-2021-27715 — Mofinetwork Mofi4500-4gxelte-v2_firmware: An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-27715

An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request. CVSSv3.1 9.8 (CRITICAL) · EPSS 60th percentile

CWECWE 287VNDMofinetworkVNDMofiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-06
2023-09-06 09:15Z
CRIT

CVE-2023-4634 — Davidlingren Media_library_assistant: The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and re CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile

CWECWE 73VNDDavidlingrenVNDMediaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-09-05
2023-09-05 20:15Z
CRIT

CVE-2023-41009 — Adlered Bolo-solo: File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-41009

File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header. CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile

CWECWE 434VNDAdleredTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-05
2023-09-05 19:15Z
CRIT

CVE-2023-4531 — Mestav E-commerce_software: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4531

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestav Software E-commerce Software allows SQL Injection. This issue affects E-commerce Software: before 20230901 . CVSSv3.1 9.8 (CRITICAL) · EPSS 19th percentile

CWECWE 89VNDMestavTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-05
2023-09-05 19:15Z
CRIT

CVE-2023-4178 — Neutron Smart_vms: Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4178

Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 5th percentile

CWECWE 290VNDNeutronTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-05
2023-09-05 19:15Z
CRIT

CVE-2023-4034 — Digitatek Smartrise_document_management_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-4034

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 23th percentile

CWECWE 89VNDDigitatekTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-05
2023-09-05 18:15Z
CRIT

CVE-2023-3616 — Mava Hotel_management_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-3616

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before 2.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 19th percentile

CWECWE 89VNDMavaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-05
2023-09-05 18:15Z
CRIT

CVE-2023-35072 — Coyavtravel Proagent: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-35072

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection.This issue affects Proagent: before 20230904 . CVSSv3.1 9.8 (CRITICAL) · EPSS 23th percentile

CWECWE 89VNDCoyavtravelTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-05
2023-09-05 18:15Z
CRIT

CVE-2023-35068 — Bma Personnel_tracking_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-35068

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection.This issue affects Personnel Tracking System: before 20230904. CVSSv3.1 9.8 (CRITICAL) · EPSS 19th percentile

CWECWE 89VNDBmaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-05
2023-09-05 18:15Z
CRIT

CVE-2023-35065 — Osoft Dyeing_-_printing_-_finishing_production_management: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-35065

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection.This issue affects Paint Production Management: before 2.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 19th percentile

CWECWE 89VNDOsoftTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-05
2023-09-05 17:15Z
CRIT

CVE-2023-3374 — Bookreen Bookreen: Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-3374

Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 27th percentile

CWECWE 184VNDBookreenVNDIncompleteTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-09-05
2023-09-05 16:15Z
CRIT

CVE-2023-36361 — Web-audimex Audimexee: v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-36361

Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter. CVSSv3.1 9.8 (CRITICAL) · EPSS 49th percentile

CWECWE 89VNDWeb AudimexVNDAudimexeeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-08-31
2023-08-31 06:15Z
HIGH

CVE-2023-3677 — Rednao Woocommerce_pdf_invoice_builder: The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-3677

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for subscribers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 8.8 (HIGH) · EPSS 60th percentile

CWECWE 89VNDRednaoVNDWoocommerceTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-08-31
2023-08-31 06:15Z
HIGH

CVE-2023-3636 — Wedevs Wp_project_manager: The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-3636

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter. CVSSv3.1 8.8 (HIGH) · EPSS 24th percentile

CWECWE 269VNDWedevsVNDProjectTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-08-31
2023-08-31 06:15Z
CRIT

CVE-2023-3162 — Webtoffee Stripe_payment_plugin_for_woocommerce: The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-3162

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, who are typically customers. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile

CWECWE 288VNDWebtoffeeVNDStripeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score