Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-37679 — Nextgen Mirth_connect: A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2023-38954 — Zkteco Bioaccess_ivs: BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile
CVE-2023-36255 — Eramba Eramba: An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL. CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile
CVE-2023-36082 — Gatesair Flexiva_fax_150w_firmware: An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. CVSSv3.1 9.8 (CRITICAL) · EPSS 57th percentile
CVE-2023-34552 — Ezviz Cs-c6n-b0-1g2wf_firmware: In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions
In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build CVSSv3.1 8.8 (HIGH) · EPSS 37th percentile
CVE-2023-34551 — Ezviz Cs-c6n-b0-1g2wf_firmware: In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ
In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware v CVSSv3.1 8.0 (HIGH) · EPSS 41th percentile
CVE-2023-34960 — Chamilo Chamilo: A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2023-34842 — Dedecms Dedecms: Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile
CVE-2023-37647 — Sem-cms Semcms: v1.5 was discovered to contain a SQL injection vulnerability via the id parameter
SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile
CVE-2023-38512 — Wpstream Wpstream: Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This
Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through <= 4.5.4. CVSSv3.1 8.8 (HIGH)
CVE-2023-3956 — Instawp Instawp_connect: The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate or deactivate plugin, change customizer settings, add or modify or delete user including administrator user. CVSSv3.1 9.8 (CRITICAL) · EPSS 75th percentile
CVE-2023-35066 — Infodrom E-invoice_approval_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.This issue affects E-Invoice Approval System: before v.20230701. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile
CVE-2023-3046 — Biltay Scienta: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile
Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway (Part 2)
Assetnote published part 2 of their technical analysis of CVE-2023-3519, a critical RCE vulnerability affecting Citrix ADC and NetScaler Gateway. The vulnerability has been exploited in the wild and represents a significant attack surface for organizations running these appliances.
Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)
Assetnote published a detailed writeup of CVE-2023-38646, a pre-authentication RCE vulnerability in Metabase achieved through vulnerability chaining. The exploit allows unauthenticated remote code execution on affected Metabase instances.
Advisory: Metabase Pre-Auth RCE (CVE-2023-38646)
Assetnote disclosed CVE-2023-38646, a pre-authentication remote code execution vulnerability in Metabase. The vulnerability allows unauthenticated attackers to execute arbitrary code on affected instances without requiring valid credentials.
CVE-2023-3713 — Metagauss Profilegrid: The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation. CVSSv3.1 8.8 (HIGH) · EPSS 28th percentile
CVE-2023-2958 — Orjinyazilim Ats_pro: Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714. CVSSv3.1 9.8 (CRITICAL) · EPSS 6th percentile
CVE-2023-3376 — Dijital Zekiweb: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection.This issue affects Zekiweb: before 2. CVSSv3.1 9.8 (CRITICAL) · EPSS 29th percentile
CVE-2023-2963 — Olivaekspertiz Oliva_ekspertiz: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.This issue affects Oliva Expertise EKS: before 1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 29th percentile
CVE-2023-35070 — Vegagroup Web_collection: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection.This issue affects Web Collection: before 31197. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile
CVE-2023-2957 — Lisayazilim Florist_site: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.This issue affects Florist Site: before 3.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile
CVE-2023-1547 — Elra Parkmatik: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51. CVSSv3.1 9.8 (CRITICAL) · EPSS 28th percentile
CVE-2023-3343 — Wpeverest User_registration: The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions
The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to del CVSSv3.1 8.8 (HIGH) · EPSS 71th percentile
CVE-2023-3342 — Wpeverest User_registration: The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to
The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and ful CVSSv3.1 9.9 (CRITICAL) · EPSS 91th percentile