Latest CVE Feed
-
9.8
CRITICALCVE-2017-17900
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.... Read more
Affected Products : dolibarr_erp\/crm- EPSS Score: %0.41
- Published: Dec. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-33274
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises fro... Read more
Affected Products : snmp_web_pro- EPSS Score: %0.26
- Published: Jul. 12, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-23585
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning. ... Read more
- EPSS Score: %0.06
- Published: Jul. 13, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-3751
A vulnerability was found in Super Store Finder 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component POST Parameter Handler. The manipulation of the argument products lea... Read more
Affected Products : super_store_finder- EPSS Score: %0.04
- Published: Jul. 19, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-3793
A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with t... Read more
Affected Products : e-cology- EPSS Score: %0.04
- Published: Jul. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-4179
A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to s... Read more
- EPSS Score: %0.05
- Published: Aug. 06, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-12470
Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.... Read more
Affected Products : ccn-lite- EPSS Score: %0.41
- Published: Feb. 07, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-17654
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup C... Read more
Affected Products : netvault_backup- EPSS Score: %20.96
- Published: Feb. 08, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-36534
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.... Read more
Affected Products : zoom- EPSS Score: %0.62
- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-4559
A vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation le... Read more
Affected Products : laiketui- EPSS Score: %0.06
- Published: Aug. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-5288
A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device. ... Read more
- EPSS Score: %0.21
- Published: Sep. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-5265
A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql in... Read more
Affected Products : tongda_office_anywhere- EPSS Score: %0.03
- Published: Sep. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2015-10124
A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to l... Read more
Affected Products : most_popular_posts_widget- EPSS Score: %0.12
- Published: Oct. 02, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-44116
Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.... Read more
- EPSS Score: %0.07
- Published: Oct. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-28805
An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105... Read more
Affected Products : client_connector- EPSS Score: %0.08
- Published: Oct. 23, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-45554
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp.... Read more
Affected Products : zzzcms- EPSS Score: %10.15
- Published: Oct. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-46570
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.... Read more
Affected Products : radare2- EPSS Score: %0.14
- Published: Oct. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27670
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.... Read more
Affected Products : appspace- EPSS Score: %91.94
- Published: Feb. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-25830
A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper str... Read more
Affected Products : document_server- EPSS Score: %5.32
- Published: Mar. 01, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-28597
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the pa... Read more
- EPSS Score: %0.37
- Published: Mar. 03, 2021
- Modified: Nov. 21, 2024