2023-05-18
2023-05-18 02:15Z
CRIT

CVE-2023-31729 — Totolink A3300r_firmware: A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-31729

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. CVSSv3.1 9.8 (CRITICAL) · EPSS 75th percentile

CWECWE 77VNDTotolinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-05-17
2023-05-17 09:15Z
MED

CVE-2023-2745 — Wordpress Wordpress: Core is vulnerable to Directory Traversal in versions up to, and including, 6.2

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2745

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack. CVSSv3.1 5.4 (MEDIUM) · EPSS 99th percentile

CWECWE 22VNDWordpressTYPVulnerability
5.4
CVSS v3.1
100
Edit Score
2023-05-17
2023-05-17 02:15Z
HIGH

CVE-2023-2706 — Xootix Otp_login_woocommerce_\&_gravity_forms: The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2706

The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social CVSSv3.1 8.1 (HIGH) · EPSS 82th percentile

CWECWE 287VNDXootixVNDOtpTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2023-05-16
2023-05-16 09:15Z
CRIT

CVE-2023-2499 — Metagauss Registrationmagic: The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2499

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile

CWECWE 288CWECWE 287VNDMetagaussVNDRegistrationmagicTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-12
2023-05-12 14:15Z
CRIT

CVE-2023-27823 — Optoma 1080pstx: An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-27823

An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 287CWECWE 295VNDOptomaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-05-11
2023-05-11 13:15Z
CRIT

CVE-2023-29863 — Medisys Weblab: Products v19.4.03 was discovered to contain a SQL injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-29863

Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile

CWECWE 89VNDMedisysVNDMedicalTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-08
2023-05-08 01:15Z
CRIT

CVE-2023-30185 — Crmeb Crmeb: v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-30185

CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 68th percentile

CWECWE 434VNDCrmebTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-05-05
2023-05-05 12:15Z
CRIT

CVE-2023-30242 — Netentsec Application_security_gateway: NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-30242

NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 50th percentile

CWECWE 89VNDAsgVNDNetentsecTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-04
2023-05-04 20:15Z
CRIT

CVE-2023-23059 — Geovision Gv-edge_recording_manager: An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-23059

An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile

CWECWE 276VNDGeovisionTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-05-02
2023-05-02 20:15Z
CRIT

CVE-2023-29778 — Gl-inet Gl-mt3000_firmware: GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-29778

GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. CVSSv3.1 9.8 (CRITICAL) · EPSS 97th percentile

CWECWE 78VNDGl InetVNDMt3000TYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-04-28
2023-04-28 17:15Z
CRIT

CVE-2023-27973 — Hp Laserjet_pro_m304-m305_w1a46a_firmware: Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-27973

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile

CWECWE 787VNDHpVNDCertainTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-28
2023-04-28 16:15Z
CRIT

CVE-2023-27972 — Hp Laserjet_pro_m304-m305_w1a46a_firmware: Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-27972

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile

CWECWE 120VNDHpVNDCertainTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-28
2023-04-28 16:15Z
CRIT

CVE-2023-27971 — Hp Laserjet_pro_m304-m305_w1a46a_firmware: Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-27971

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. CVSSv3.1 9.8 (CRITICAL) · EPSS 55th percentile

CWECWE 120VNDHpVNDCertainTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-27
2023-04-27 02:15Z
CRIT

CVE-2022-47758 — Nanoleaf Nanoleaf_firmware: firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-47758

Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. CVSSv3.1 9.8 (CRITICAL) · EPSS 68th percentile

CWECWE 295VNDNanoleafTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-27
2023-04-27 00:15Z
CRIT

CVE-2023-2297 — Cozmoslabs Profile_builder: The Profile Builder – User Profile & User Registration Forms plugin for WordPress is

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2297

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently us CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile

CWECWE 287CWECWE 620VNDCozmoslabsVNDProfileTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-26
2023-04-26 00:15Z
CRIT

CVE-2023-30404 — Aigital Wireless-n_repeater_mini_router_firmware: Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-30404

Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request. CVSSv3.1 9.8 (CRITICAL) · EPSS 82th percentile

CWECWE 94VNDAigitalTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-04-18
2023-04-18 13:15Z
CRIT

CVE-2022-46640 — Nanoleaf Nanoleaf_desktop: Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-46640

Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. CVSSv3.1 9.8 (CRITICAL) · EPSS 82th percentile

CWECWE 77VNDNanoleafTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-04-17
2023-04-17 14:15Z
CRIT

CVE-2023-1873 — Faturamatik Bircard: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1873

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection.This issue affects Bircard: before 23.04.05. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile

CWECWE 89VNDFaturamatikTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-17
2023-04-17 12:15Z
CRIT

CVE-2023-1723 — Vegayazilim Mobile_assistant: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1723

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection.This issue affects Mobile Assistant: before 21.S.2343. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile

CWECWE 89VNDVegayazilimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-15
2023-04-15 08:15Z
CRIT

CVE-2023-2027 — Zm_ajax_login_\&_register_project Zm_ajax_login_\&_register: The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-2027

The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile

CWECWE 288CWECWE 287VNDZm Ajax Login Register ProjectVNDAjaxTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-14
2023-04-14 14:15Z
CRIT

CVE-2023-1833 — Redline Router_firmware: Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1833

Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17. CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile

CWECWE 287CWECWE 305VNDRedlineTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-14
2023-04-14 14:15Z
CRIT

CVE-2023-1803 — Redline Router_firmware: Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1803

Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17. CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile

CWECWE 287CWECWE 289VNDRedlineTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-14
2023-04-14 09:15Z
CRIT

CVE-2023-1863 — Eskom El_terminali_\(su_okuma\)_uygulamalarimiz: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1863

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection.This issue affects Water Metering Software: before 23.04.06. CVSSv3.1 9.8 (CRITICAL) · EPSS 70th percentile

CWECWE 89VNDEskomTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-13
2023-04-13 20:15Z
CRIT

CVE-2023-27667 — Auto_dealer_management_system_project Auto_dealer_management_system: Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-27667

Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 50th percentile

CWECWE 89VNDAutoVNDAuto Dealer Management System ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-04-13
2023-04-13 17:15Z
CRIT

CVE-2023-27779 — Amsystem Am_presencia: AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-27779

AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form. CVSSv3.1 9.8 (CRITICAL) · EPSS 59th percentile

CWECWE 89VNDAmsystemVNDPresenciaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score