2023-02-23
2023-02-23 08:15Z
CRIT

CVE-2023-0939 — Online_services_project Online_services: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-0939

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection. This issue affects Online Services Software: before 1.17. CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile

CWECWE 89VNDOnline Services ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-22
2023-02-22 07:15Z
HIGH

CVE-2023-26314 — Mono-project Mono: The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. CVSSv3.1 8.8 (HIGH) · EPSS 79th percentile

VNDMono ProjectTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-02-21
2023-02-21 23:15Z
CRIT

CVE-2023-24080 — Chamberlain Myq: A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-24080

A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile

CWECWE 307VNDChamberlainTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-21
2023-02-21 20:15Z
MED

CVE-2023-0942 — Artisanworkshop Japanized_for_woocommerce: The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-0942

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVSSv3.1 6.1 (MEDIUM) · EPSS 97th percentile

CWECWE 79VNDArtisanworkshopVNDJapanizedTYPVulnerability
6.1
CVSS v3.1
92
Edit Score
2023-02-20
2023-02-20 04:15Z
CRIT

CVE-2022-48329 — Misp-project Misp: before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-48329

MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 56th percentile

CWECWE 755VNDMispVNDMisp ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-20
2023-02-20 04:15Z
CRIT

CVE-2022-48328 — Misp-project Misp: app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-48328

app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. CVSSv3.1 9.8 (CRITICAL) · EPSS 67th percentile

CWECWE 755VNDMispVNDMisp ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-17
2023-02-17 15:15Z
HIGH

CVE-2022-45701 — Commscope Arris_tg2482a_firmware: Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-45701

Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile

CWECWE 77VNDCommscopeVNDArrisTYPVulnerability
8.8
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-02-17
2023-02-17 10:15Z
HIGH

CVE-2023-0882 — Krontech Single_connect: Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-0882

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16. CVSSv3.1 8.8 (HIGH) · EPSS 48th percentile

CWECWE 639VNDInputVNDKrontechTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-02-14
2023-02-14 20:15Z
HIGH

CVE-2023-21529 — Microsoft Exchange_server: Exchange Server Remote Code Execution Vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-21529in the wild

Microsoft Exchange Server Remote Code Execution Vulnerability CVSSv3.1 8.8 (HIGH) · EPSS 97th percentile

CWECWE 502VNDMicrosoftTYPVulnerabilitySTAitw exploited
8.8
CVSS v3.1
100
Edit Score
2023-02-13
2023-02-13 20:15Z
CRIT

CVE-2023-24188 — Ureport_project Ureport: v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-24188

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. CVSSv3.1 9.1 (CRITICAL) · EPSS 70th percentile

CWECWE 22VNDUreport ProjectTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2023-02-13
2023-02-13 14:15Z
HIGH

CVE-2022-45725 — Comfast Cf-wr610n_firmware: Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-45725

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request CVSSv3.1 8.8 (HIGH) · EPSS 95th percentile

CWECWE 20VNDInputVNDComfastTYPVulnerability
8.8
CVSS v3.1
97
Edit Score
2023-02-12
2023-02-12 04:15Z
CRIT

CVE-2022-4557 — Gruparge Smartpower: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-4557

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile

CWECWE 89VNDGrupargeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-12
2023-02-12 04:15Z
HIGH

CVE-2022-45090 — Gruparge Smartpower_web: Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-45090

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. CVSSv3.1 8.8 (HIGH) · EPSS 47th percentile

CWECWE 89VNDInputVNDGrupargeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-02-12
2023-02-12 04:15Z
HIGH

CVE-2022-45089 — Gruparge Smartpower_web: Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-45089

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. CVSSv3.1 8.8 (HIGH) · EPSS 47th percentile

CWECWE 89VNDInputVNDGrupargeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-02-12
2023-02-12 04:15Z
CRIT

CVE-2022-45088 — Gruparge Smartpower_web: Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-45088

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion. This issue affects Smartpower Web: before 23.01.01. CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile

CWECWE 20VNDInputVNDGrupargeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-10
2023-02-10 00:15Z
HIGH

CVE-2022-3568 — Orangelab Imagemagick_engine: The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-3568

The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain CVSSv3.1 8.8 (HIGH) · EPSS 71th percentile

CWECWE 502CWECWE 352VNDOrangelabVNDImagemagickTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-02-03
2023-02-03 06:15Z
MED

CVE-2023-25136 — Openbsd Openssh: One third-party report states "remote code execution is theoretically possible."

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-25136

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." CVSSv3.1 6.5 (MEDIUM) · EPSS 100th percentile

CWECWE 415VNDFedoraprojectVNDNetappTYPVulnerability
6.5
CVSS v3.1
100
Edit Score
2023-02-02
2023-02-02 12:15Z
HIGH

CVE-2022-46965 — 202-ecommerce Administrative_mandate: PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-46965

PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability. CVSSv3.1 8.1 (HIGH) · EPSS 57th percentile

CWECWE 89VNDPrestashopVND202 EcommerceTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2023-02-01
2023-02-01 14:15Z
CRIT

CVE-2022-47003 — Murasoftware Mura_cms: A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-47003

A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. CVSSv3.1 9.8 (CRITICAL) · EPSS 88th percentile

CWECWE 287VNDMurasoftwareVNDRememberTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-02-01
2023-02-01 02:15Z
CRIT

CVE-2022-47770 — Serinf Fast_checkin: Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-47770

Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. CVSSv3.1 9.8 (CRITICAL) · EPSS 57th percentile

CWECWE 89VNDSerinfVNDSerenissimaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-02-01
2023-02-01 02:15Z
CRIT

CVE-2022-47769 — Serinf Fast_checkin: An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-47769

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile

CWECWE 434VNDSerinfTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-01-30
2023-01-30 16:15Z
CRIT

CVE-2022-23334 — Ip-label Newtest: The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23334

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE. CVSSv3.1 9.8 (CRITICAL) · EPSS 41th percentile

CWECWE 347VNDIp LabelVNDRobotTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-01-27
2023-01-27 22:15Z
HIGH

CVE-2023-0558 — Contentstudio Contentstudio: The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-0558

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys. CVSSv3.1 8.2 (HIGH) · EPSS 82th percentile

CWECWE 639VNDContentstudioTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2023-01-27
2023-01-27 22:15Z
CRIT

CVE-2023-0556 — Contentstudio Contentstudio: The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-0556

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other require CVSSv3.1 9.8 (CRITICAL) · EPSS 82th percentile

CWECWE 862VNDContentstudioTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-01-27
2023-01-27 21:15Z
HIGH

CVE-2023-0555 — Thingsforrestaurants Quick_restaurant_menu: The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-0555

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed CVSSv3.1 8.1 (HIGH) · EPSS 55th percentile

CWECWE 862VNDThingsforrestaurantsVNDQuickTYPVulnerability
8.1
CVSS v3.1
91
Edit Score