2023-03-09
2023-03-09 08:15Z
CRIT

CVE-2023-1251 — Akinsoft Wolvox: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1251

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile

CWECWE 89VNDAkinsoftTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-03-08
2023-03-08 12:15Z
CRIT

CVE-2023-1267 — Pttemkart Pttem_kart: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1267

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 41th percentile

CWECWE 89VNDPttemkartTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-03-07
2023-03-07 22:15Z
MED

CVE-2023-1263 — Niteothemes Coming_soon_\&_maintenance: The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1263

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled. CVSSv3.1 5.3 (MEDIUM) · EPSS 96th percentile

CWECWE 200VNDNiteothemesVNDCmpTYPVulnerability
5.3
CVSS v3.1
83
Edit Score
2023-03-07
2023-03-07 15:15Z
HIGH

CVE-2021-4331 — Posimyth The_plus_addons_for_elementor: The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-4331

The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set t CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile

CWECWE 862VNDPosimythVNDPlusTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-03-07
2023-03-07 14:15Z
HIGH

CVE-2021-4330 — Envato Envato_elements: The Envato Elements & Download and Template Kit – Import plugins for WordPress are

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-4330

The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Imp CVSSv3.1 8.8 (HIGH) · EPSS 93th percentile

CWECWE 434VNDEnvatoTYPVulnerability
8.8
CVSS v3.1
97
Edit Score
2023-03-07
2023-03-07 14:15Z
HIGH

CVE-2020-36669 — Jetbackup Jetbackup: The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-36669

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 46th percentile

CWECWE 352VNDJetbackupTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-03-07
2023-03-07 09:15Z
CRIT

CVE-2022-3760 — Miateknoloji Mia-med: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-3760

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58. CVSSv3.1 9.8 (CRITICAL) · EPSS 55th percentile

CWECWE 89VNDMiateknolojiTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-03-06
2023-03-06 15:15Z
CRIT

CVE-2023-0979 — Meddatapacs Meddatapacs: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-0979

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. This issue affects MedDataPACS : before 2023-03-03. CVSSv3.1 9.8 (CRITICAL) · EPSS 35th percentile

CWECWE 89VNDMeddatapacsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-03-06
2023-03-06 08:15Z
CRIT

CVE-2023-0839 — Inscada_project Inscada: allows Account Footprinting.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-0839

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before 20230115-1. CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile

CWECWE 1320VNDProtectionVNDInscada ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-03-03
2023-03-03 13:15Z
CRIT

CVE-2022-45553 — Zbt We1626_firmware: An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-45553

An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile

CWECWE 94VNDShenzhenVNDZbtTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-03-03
2023-03-03 13:15Z
CRIT

CVE-2022-45551 — Zbt We1626_firmware: An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-45551

An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

CWECWE 306VNDShenzhenVNDZbtTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-03-02
2023-03-02 21:15Z
CRIT

CVE-2022-46501 — Accruent Maintenance_connection: LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-46501

Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. CVSSv3.1 9.8 (CRITICAL) · EPSS 45th percentile

CWECWE 89VNDAccruentTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-03-02
2023-03-02 19:15Z
HIGH

CVE-2023-0084 — Wpmet Metform_elementor_contact_form_builder: The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-0084

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, which is the submissions page. CVSSv3.1 7.2 (HIGH) · EPSS 98th percentile

CWECWE 79VNDWpmetVNDMetformTYPVulnerability
7.2
CVSS v3.1
100
Edit Score
2023-03-02
2023-03-02 12:15Z
CRIT

CVE-2021-3854 — Glox Useroam_hotspot: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-3854

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15. CVSSv3.1 9.8 (CRITICAL) · EPSS 55th percentile

CWECWE 89VNDGloxTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-03-01
2023-03-01 16:15Z
HIGH

CVE-2022-45608 — Thingsboard Thingsboard: An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-45608

An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value). CVSSv3.1 8.8 (HIGH) · EPSS 55th percentile

CWECWE 269VNDThingsboardTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-03-01
2023-03-01 13:15Z
CRIT

CVE-2023-1114 — Eskom E-belediye: Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1114

Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100. CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile

CWECWE 862VNDEskomTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-03-01
2023-03-01 13:15Z
CRIT

CVE-2023-1064 — Uzaybaskul Weighbridge_automation_software: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1064

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection. This issue affects Weighbridge Automation Software: before 1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 41th percentile

CWECWE 89VNDUzaybaskulTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-03-01
2023-03-01 08:15Z
HIGH

CVE-2021-3855 — Liman Port_mys: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-3855

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462. CVSSv3.1 8.8 (HIGH) · EPSS 81th percentile

CWECWE 77VNDLimanTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-02-28
2023-02-28 13:15Z
MED

CVE-2023-1080 — Gnpublisher Gn_publisher: The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-1080

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVSSv3.1 6.1 (MEDIUM) · EPSS 98th percentile

CWECWE 79VNDGnpublisherVNDPublisherTYPVulnerability
6.1
CVSS v3.1
94
Edit Score
2023-02-24
2023-02-24 16:15Z
CRIT

CVE-2021-33224 — Umbraco Umbraco_forms: File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-33224

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. CVSSv3.1 9.8 (CRITICAL) · EPSS 50th percentile

CWECWE 434VNDUmbracoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-24
2023-02-24 12:15Z
CRIT

CVE-2021-4105 — Bg-tek Coslat_bx5s1d3_firmware: Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-4105

Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. CVSSv3.1 9.8 (CRITICAL) · EPSS 70th percentile

CWECWE 755VNDBg TekVNDHandlingTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-23
2023-02-23 20:15Z
HIGH

CVE-2023-24317 — Judging_management_system_project Judging_management_system: Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-24317

Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. CVSSv3.1 8.1 (HIGH) · EPSS 74th percentile

CWECWE 434VNDJudging Management System ProjectVNDJudgingTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2023-02-23
2023-02-23 12:15Z
CRIT

CVE-2022-2504 — Sdd-baro_project Sdd-baro: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-2504

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile

CWECWE 89VNDSdd Baro ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-23
2023-02-23 08:15Z
CRIT

CVE-2023-0939 — Online_services_project Online_services: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-0939

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection. This issue affects Online Services Software: before 1.17. CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile

CWECWE 89VNDOnline Services ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-22
2023-02-22 07:15Z
HIGH

CVE-2023-26314 — Mono-project Mono: The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. CVSSv3.1 8.8 (HIGH) · EPSS 79th percentile

VNDMono ProjectTYPVulnerability
8.8
CVSS v3.1
94
Edit Score