Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6145 | 1 Softomi | 1 Advanced C2c Marketplace Software | 2023-12-29 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ?stanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection.This issue affects Softomi Advanced C2C Marketplace Software: before 12122023. | |||||
| CVE-2023-6928 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. | |||||
| CVE-2023-6929 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities. | |||||
| CVE-2023-6930 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access. | |||||
| CVE-2023-48722 | 1 Phpgurukul | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48720 | 1 Phpgurukul | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48718 | 1 Phpgurukul | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2021-34085 | 1 Glensawyer | 1 Mp3gain | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and CVE-2018-10778. | |||||
| CVE-2023-6974 | 1 Lfprojects | 1 Mlflow | 2023-12-29 | N/A | 9.8 CRITICAL |
| A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | |||||
| CVE-2023-48687 | 1 Projectworlds | 1 Railway Reservation System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48685 | 1 Projectworlds | 1 Railway Reservation System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48689 | 1 Projectworlds | 1 Railway Reservation System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48716 | 1 Projectworlds | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49772 | 1 Phpbits | 1 Genesis Simple Love | 2023-12-29 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.This issue affects Genesis Simple Love: from n/a through 2.0. | |||||
| CVE-2023-35915 | 1 Automattic | 1 Woopayments | 2023-12-29 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | |||||
| CVE-2023-7100 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2023-12-29 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248952. | |||||
| CVE-2023-7099 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file bwdates-report-result.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248951. | |||||
| CVE-2023-6972 | 1 Backupbliss | 1 Backup Migration | 2023-12-29 | N/A | 9.8 CRITICAL |
| The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | |||||
| CVE-2023-6971 | 1 Backupbliss | 1 Backup Migration | 2023-12-29 | N/A | 9.8 CRITICAL |
| The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP. | |||||
| CVE-2023-51052 | 1 S-cms | 1 S-cms | 2023-12-29 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. | |||||
| CVE-2023-51051 | 1 S-cms | 1 S-cms | 2023-12-29 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. | |||||
| CVE-2022-45377 | 1 Codedropz | 1 Drag And Drop Multiple File Upload For Woocommerce | 2023-12-29 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. | |||||
| CVE-2023-49778 | 1 Dmry | 1 Sayfa Sayac | 2023-12-29 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6. | |||||
| CVE-2023-32242 | 1 Xtemos | 1 Woodmart | 2023-12-29 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36. | |||||
| CVE-2023-49826 | 1 Pencidesign | 1 Soledad | 2023-12-29 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | |||||
| CVE-2023-47267 | 1 Thegreenbow | 3 Windows Enterprise Certified Vpn, Windows Enterprise Vpn, Windows Standard Vpn | 2023-12-29 | N/A | 9.8 CRITICAL |
| An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file. | |||||
| CVE-2023-29485 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2023-12-29 | N/A | 9.8 CRITICAL |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. | |||||
| CVE-2023-29486 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2023-12-29 | N/A | 9.8 CRITICAL |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. | |||||
| CVE-2021-28483 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 7.7 HIGH | 9.0 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-28481 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-28480 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 10.0 HIGH | 9.8 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-50044 | 1 Cesanta | 1 Mjs | 2023-12-29 | N/A | 9.8 CRITICAL |
| Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. | |||||
| CVE-2023-38703 | 1 Teluu | 1 Pjsip | 2023-12-29 | N/A | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch. | |||||
| CVE-2021-34458 | 1 Microsoft | 2 Windows Server 2016, Windows Server 2019 | 2023-12-28 | 9.0 HIGH | 9.9 CRITICAL |
| Windows Kernel Remote Code Execution Vulnerability | |||||
| CVE-2021-34523 | 1 Microsoft | 1 Exchange Server | 2023-12-28 | 7.5 HIGH | 9.0 CRITICAL |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2021-34473 | 1 Microsoft | 1 Exchange Server | 2023-12-28 | 10.0 HIGH | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2023-4489 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2023-12-28 | N/A | 9.8 CRITICAL |
| The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. | |||||
| CVE-2023-6912 | 1 M-files | 1 M-files Server | 2023-12-28 | N/A | 9.8 CRITICAL |
| Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. | |||||
| CVE-2023-50628 | 1 Libming | 1 Libming | 2023-12-28 | N/A | 9.8 CRITICAL |
| Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component. | |||||
| CVE-2023-35895 | 1 Ibm | 1 Informix Jdbc | 2023-12-28 | N/A | 9.8 CRITICAL |
| IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116. | |||||
| CVE-2023-28782 | 1 Gravityforms | 1 Gravity Forms | 2023-12-28 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3. | |||||
| CVE-2021-38647 | 1 Microsoft | 10 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics \(lad\) and 7 more | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Open Management Infrastructure Remote Code Execution Vulnerability | |||||
| CVE-2021-26432 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | |||||
| CVE-2021-26424 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 6.8 MEDIUM | 9.9 CRITICAL |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||
| CVE-2023-47507 | 1 Averta | 1 Master Slider Pro | 2023-12-28 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5. | |||||
| CVE-2023-40555 | 1 Uxthemes | 1 Flatsome | 2023-12-28 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme.This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5. | |||||
| CVE-2023-46266 | 1 Ivanti | 1 Avalanche | 2023-12-28 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | |||||
| CVE-2023-50272 | 1 Hpe | 4 Integrated Lights-out 5, Integrated Lights-out 5 Firmware, Integrated Lights-out 6 and 1 more | 2023-12-28 | N/A | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass. | |||||
| CVE-2023-34027 | 1 Rajarora795 | 1 Recently Viewed Products | 2023-12-28 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0. | |||||
| CVE-2023-37390 | 1 Themesflat | 1 Themesflat Addons For Elementor | 2023-12-28 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0. | |||||