Latest CVE Feed
-
9.8
CRITICALCVE-2023-3741
An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device. ... Read more
Affected Products : itk-6dgs-1\(bk\)tel_firmware itk-32lcgs-1\(bk\)tel_firmware itk-32tcgs-1\(bk\)tel_firmware itk-6d-1\(bk\)tel_firmware itk-12d-1\(bk\)tel_firmware itk-8lcx-1\(bk\)tel_firmware itk-8tcgx-1\(bk\)tel_firmware itk-6dgs-1a\(bk\)tel_firmware itk-32lcgs-1a\(bk\)tel_firmware itk-32tcgs-1a\(bk\)tel_firmware +34 more products- EPSS Score: %0.55
- Published: Nov. 30, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-21403
In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed ... Read more
Affected Products : android- EPSS Score: %0.10
- Published: Dec. 04, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-5761
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supp... Read more
Affected Products : burst_statistics- EPSS Score: %0.51
- Published: Dec. 07, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-42495
Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') ... Read more
Affected Products : w-web- EPSS Score: %0.35
- Published: Dec. 13, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-6887
A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted up... Read more
Affected Products : forestblog- EPSS Score: %0.08
- Published: Dec. 17, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-6903
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is ... Read more
- EPSS Score: %0.05
- Published: Dec. 17, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-6272
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits.... Read more
Affected Products : 2fa- EPSS Score: %0.41
- Published: Dec. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-51016
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi.... Read more
- EPSS Score: %0.31
- Published: Dec. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-7131
A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the... Read more
- EPSS Score: %0.12
- Published: Dec. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-23634
SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint.... Read more
Affected Products : documize- EPSS Score: %2.22
- Published: Dec. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-49624
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. ... Read more
- EPSS Score: %0.07
- Published: Jan. 04, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-3208
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potent... Read more
Affected Products : weborb_for_java- EPSS Score: %1.80
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-0505
A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads t... Read more
Affected Products : austin- EPSS Score: %0.09
- Published: Jan. 13, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-0530
A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_... Read more
Affected Products : post-office- EPSS Score: %0.05
- Published: Jan. 15, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-0705
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation... Read more
Affected Products : stripe_payment_plugin_for_woocommerce- EPSS Score: %0.50
- Published: Jan. 19, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-11088
Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845.... Read more
Affected Products : android msm8996au_firmware sd_450_firmware sd_625_firmware sd_820_firmware sd_835_firmware msm8909w_firmware sd_210_firmware sd_212_firmware sd_205_firmware +19 more products- EPSS Score: %0.26
- Published: Jul. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-51951
SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.... Read more
Affected Products : stock_management_system- EPSS Score: %2.60
- Published: Feb. 05, 2024
- Modified: Jun. 20, 2025
-
9.8
CRITICALCVE-2024-24112
xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.... Read more
Affected Products : xmall- EPSS Score: %81.13
- Published: Feb. 06, 2024
- Modified: May. 08, 2025
-
9.8
CRITICALCVE-2018-13862
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (... Read more
- EPSS Score: %49.07
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-11757
In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitat... Read more
Affected Products : openwhisk- EPSS Score: %2.80
- Published: Jul. 23, 2018
- Modified: Nov. 21, 2024