2023-05-25
2023-05-25 14:15Z
CRIT

CVE-2023-2851 — Agtteknik Ceppatron: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2851

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection.This issue affects all versions of the sofware also EOS when CVE-ID assigned. CVSSv3.1 9.8 (CRITICAL) · EPSS 28th percentile

CWECWE 89VNDAgtteknikTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-25
2023-05-25 09:15Z
CRIT

CVE-2023-2887 — Cbot Cbot_core: Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2887

Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile

CWECWE 290VNDCbotTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-25
2023-05-25 09:15Z
HIGH

CVE-2023-2885 — Cbot Cbot_core: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2885

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. CVSSv3.1 8.1 (HIGH) · EPSS 27th percentile

CWECWE 924VNDCbotVNDEnforcementTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2023-05-25
2023-05-25 09:15Z
CRIT

CVE-2023-2884 — Cbot Cbot_core: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2884

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. CVSSv3.1 9.8 (CRITICAL) · EPSS 32th percentile

CWECWE 338CWECWE 330VNDCbotTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-25
2023-05-25 09:15Z
HIGH

CVE-2023-2883 — Cbot Cbot_core: Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2883

Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. CVSSv3.1 8.8 (HIGH) · EPSS 6th percentile

CWECWE 639VNDCbotTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-05-25
2023-05-25 09:15Z
CRIT

CVE-2023-2882 — Cbot Cbot_core: Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2882

Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. CVSSv3.1 9.8 (CRITICAL) · EPSS 29th percentile

CWECWE 1270VNDCbotVNDGenerationTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-25
2023-05-25 03:15Z
CRIT

CVE-2023-2734 — Inspireui Mstore_api: The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2734

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

CWECWE 288VNDInspireuiVNDMstoreTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-05-25
2023-05-25 03:15Z
CRIT

CVE-2023-2733 — Inspireui Mstore_api: The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2733

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile

CWECWE 288VNDInspireuiVNDMstoreTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-25
2023-05-25 03:15Z
CRIT

CVE-2023-2732 — Inspireui Mstore_api: The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2732

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile

CWECWE 288VNDInspireuiVNDMstoreTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-05-25
2023-05-25 00:15Z
HIGH

CVE-2023-2500 — Granthweb Go_pricing: The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2500

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the targe CVSSv3.1 8.8 (HIGH) · EPSS 71th percentile

CWECWE 502VNDGranthwebVNDPricingTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-05-24
2023-05-24 14:15Z
CRIT

CVE-2023-2064 — Minovateknoloji Etrace: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2064

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection.This issue affects eTrace: before 23.05.20. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile

CWECWE 89VNDMinovateknolojiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-24
2023-05-24 14:15Z
CRIT

CVE-2023-2045 — Ipekyolunet Software_auto_damage_tracking_software: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2045

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection.This issue affects Auto Damage Tracking Software: before 4. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile

CWECWE 89VNDIpekyolunetTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-24
2023-05-24 13:15Z
HIGH

CVE-2023-2065 — Armoli Cargo_tracking_system: Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2065

Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass.This issue affects Cargo Tracking System: before 3558f28 . CVSSv3.1 8.8 (HIGH) · EPSS 6th percentile

CWECWE 639VNDArmoliTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-05-24
2023-05-24 12:15Z
CRIT

CVE-2023-2750 — Cityboss E-municipality: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2750

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile

CWECWE 89VNDCitybossTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-23
2023-05-23 21:15Z
CRIT

CVE-2023-1508 — Adampos Mobilmen_el_terminali_yazilimi: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1508

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile

CWECWE 89VNDAdamposTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-23
2023-05-23 20:15Z
HIGH

CVE-2023-2702 — Finexmedia Competition_management_system: Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2702

Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass.This issue affects Competition Management System: before 23.07. CVSSv3.1 8.8 (HIGH) · EPSS 6th percentile

CWECWE 639VNDFinexmediaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-05-22
2023-05-22 17:15Z
HIGH

CVE-2023-31742 — Linksys Wrt54gl_firmware: There is a command injection vulnerability in the Linksys WRT54GL router with firmware version

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-31742

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. CVSSv3.1 7.2 (HIGH) · EPSS 95th percentile

CWECWE 77VNDLinksysVNDThereTYPVulnerability
7.2
CVSS v3.1
89
Edit Score
2023-05-20
2023-05-20 10:15Z
CRIT

CVE-2023-2713 — Rental_module_project Rental_module: Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2713

Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile

CWECWE 639VNDRental Module ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-20
2023-05-20 10:15Z
CRIT

CVE-2023-2712 — Rental_module_project Rental_module: Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2712

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: before 23.05.15. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile

CWECWE 434VNDRental Module ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-20
2023-05-20 04:15Z
CRIT

CVE-2023-2276 — Wclovers Wcfm_membership: The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. CVSSv3.1 9.8 (CRITICAL) · EPSS 41th percentile

CWECWE 639VNDWcloversVNDWcfmTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-19
2023-05-19 03:15Z
CRIT

CVE-2023-2704 — Vibethemes Bp_social_connect: The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2704

The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. CVSSv3.1 9.8 (CRITICAL) · EPSS 55th percentile

CWECWE 288CWECWE 306VNDVibethemesVNDSocialTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-18
2023-05-18 02:15Z
CRIT

CVE-2023-31729 — Totolink A3300r_firmware: A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-31729

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. CVSSv3.1 9.8 (CRITICAL) · EPSS 75th percentile

CWECWE 77VNDTotolinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-05-17
2023-05-17 09:15Z
MED

CVE-2023-2745 — Wordpress Wordpress: Core is vulnerable to Directory Traversal in versions up to, and including, 6.2

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2745

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack. CVSSv3.1 5.4 (MEDIUM) · EPSS 99th percentile

CWECWE 22VNDWordpressTYPVulnerability
5.4
CVSS v3.1
100
Edit Score
2023-05-17
2023-05-17 02:15Z
HIGH

CVE-2023-2706 — Xootix Otp_login_woocommerce_\&_gravity_forms: The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2706

The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social CVSSv3.1 8.1 (HIGH) · EPSS 82th percentile

CWECWE 287VNDXootixVNDOtpTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2023-05-16
2023-05-16 09:15Z
CRIT

CVE-2023-2499 — Metagauss Registrationmagic: The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2499

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile

CWECWE 288CWECWE 287VNDMetagaussVNDRegistrationmagicTYPVulnerability
9.8
CVSS v3.1
99
Edit Score