CVEs from 2023
Total
6,124
critical
critical 239
high
high 1,503
medium
medium 1,409
low
low 31
% Critical
3.9%
% with KEV
2.7%
% with exploit
3.5%
Top products
- office 29
- office_long_term_servicing_channel 15
- 365_apps 14
- ftmg-esr50sxx 8
- ftmg-esn40sxx 8
- ftmg-esd25axx 8
- ftmg-esr40sxx 8
- ftmg-esd15axx 8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47754 | critical | 9.8 | 9.8 | 3y ago | Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a throug… | |||
| CVE-2023-35039 | critical | 9.8 | 9.8 | 3y ago | Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Pa… | |||
| CVE-2023-5636 | critical | 9.8 | 9.8 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1. | |||
| CVE-2023-5634 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1… | |||
| CVE-2023-3631 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection. This issue affects Medart… | |||
| CVE-2023-3377 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection. This issue affects Veribase: through … | |||
| CVE-2023-2889 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection. This issue affects Service Trackin… | |||
| CVE-2023-5047 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. This issue affects DRDrive: before 20231006. | |||
| CVE-2023-47359 | critical | 9.8 | 9.8 | 3y ago | Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | |||
| CVE-2023-23796 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms.This issue affects Form Builder | Create Responsive Contact Forms: fro… | |||
| CVE-2023-22719 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | |||
| CVE-2023-45657 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3. | |||
| CVE-2023-45074 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allow… | |||
| CVE-2023-45069 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Inje… | |||
| CVE-2023-45055 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6. | |||
| CVE-2023-45046 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter:… | |||
| CVE-2023-45001 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: fro… | |||
| CVE-2023-41685 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support Sy… | |||
| CVE-2023-40609 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Conta… | |||
| CVE-2023-40207 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection.This issue affects Donations Ma… | |||
| CVE-2023-38382 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue af… | |||
| CVE-2023-35911 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Inject… | |||
| CVE-2023-33924 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through… | |||
| CVE-2023-28748 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: fro… | |||
| CVE-2023-27605 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/… | |||
| CVE-2023-36529 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - … | |||
| CVE-2023-25700 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | |||
| CVE-2023-26015 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Inject… | |||
| CVE-2023-25960 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.T… | |||
| CVE-2023-41652 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a thr… | |||
| CVE-2023-34383 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Proje… | |||
| CVE-2023-37966 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User … | |||
| CVE-2023-36508 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-fo… | |||
| CVE-2023-35879 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a thr… | |||
| CVE-2023-33927 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Inj… | |||
| CVE-2023-31212 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL I… | |||
| CVE-2023-24410 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for Wo… | |||
| CVE-2023-24000 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. | |||
| CVE-2023-5807 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: befor… | |||
| CVE-2023-38545 | critical | 9.8 | 9.8 | 3y ago | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it… | |||
| CVE-2023-5046 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. Th… | |||
| CVE-2023-5045 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. Thi… | |||
| CVE-2023-4530 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Admi… | |||
| CVE-2023-4737 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2. | |||
| CVE-2023-35071 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administr… | |||
| CVE-2023-4835 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. This issue affects Oil Management Soft… | |||
| CVE-2023-4833 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing So… | |||
| CVE-2023-4662 | critical | 9.8 | 9.8 | 3y ago | Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9. | |||
| CVE-2023-4661 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9. | |||
| CVE-2023-4670 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. This issue affects Probbys: before 2. | |||
| CVE-2023-4231 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection. This issue affects Online Payment … | |||
| CVE-2023-4830 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection. This issue affects Signalix: 7T_0228. | |||
| CVE-2023-4673 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911 . | |||
| CVE-2023-4972 | critical | 9.8 | 9.8 | 3y ago | Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects Digital Yepas: before 1.0.1. | |||
| CVE-2023-4702 | critical | 9.8 | 9.8 | 3y ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass. This issue affects Digital Yepas: before 1.0.1. | |||
| CVE-2023-4766 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection. This issue affects Movus: before 20230913. | |||
| CVE-2023-4669 | critical | 9.8 | 9.8 | 3y ago | Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0. | |||
| CVE-2023-4832 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection. This issue affects Company Management: before 307… | |||
| CVE-2023-4531 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestav Software E-commerce Software allows SQL Injection. This issue affects E-commerce Software… | |||
| CVE-2023-4178 | critical | 9.8 | 9.8 | 3y ago | Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1. | |||
| CVE-2023-4034 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This is… | |||
| CVE-2023-3616 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection. This issue affects Hotel Management … | |||
| CVE-2023-35072 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection. This issue affects Proagent: before 20230904 . | |||
| CVE-2023-35068 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection. This issue affects Personnel Tracking System… | |||
| CVE-2023-35065 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection. This issue affects Paint Production Mana… | |||
| CVE-2023-3374 | critical | 9.8 | 9.8 | 3y ago | Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0. | |||
| CVE-2023-4420 | critical | 9.8 | 9.8 | 3y ago | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the comm… | |||
| CVE-2023-4419 | critical | 9.8 | 9.8 | 3y ago | The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device. | |||
| CVE-2023-3632 | critical | 9.8 | 9.8 | 3y ago | Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - … | |||
| CVE-2023-3522 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before … | |||
| CVE-2023-3386 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection. This issue affects Camera Trap Tracking Sys… | |||
| CVE-2023-3651 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: be… | |||
| CVE-2023-3716 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Soft… | |||
| CVE-2023-3717 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administr… | |||
| CVE-2023-3898 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before… | |||
| CVE-2023-35066 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection. This issue affects E-Invoice A… | |||
| CVE-2023-3046 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection. This issue affects Scienta: before 20230630.1953. | |||
| CVE-2023-2958 | critical | 9.8 | 9.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714. | |||
| CVE-2023-3376 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2. | |||
| CVE-2023-2963 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS… | |||
| CVE-2023-35070 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. This issue affects Web Collection: before 31197. | |||
| CVE-2023-2957 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0. | |||
| CVE-2023-1547 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution thro… | |||
| CVE-2023-3045 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: … | |||
| CVE-2023-2852 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection. This issue affects SelfPatron : before 2.0. | |||
| CVE-2023-2046 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Trac… | |||
| CVE-2023-31411 | critical | 9.8 | 9.8 | 3y ago | A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to … | |||
| CVE-2023-31410 | critical | 9.8 | 9.8 | 3y ago | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in th… | |||
| CVE-2023-2907 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ;… | |||
| CVE-2023-35064 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Sat… | |||
| CVE-2023-3050 | critical | 9.8 | 9.8 | 3y ago | Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before … | |||
| CVE-2023-3049 | critical | 9.8 | 9.8 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15. | |||
| CVE-2023-3048 | critical | 9.8 | 9.8 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15. | |||
| CVE-2023-3047 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15. | |||
| CVE-2023-3000 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Byp… | |||
| CVE-2023-2851 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection. This issu… | |||
| CVE-2023-2887 | critical | 9.8 | 9.8 | 3y ago | Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |||
| CVE-2023-2884 | critical | 9.8 | 9.8 | 3y ago | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects… | |||
| CVE-2023-2882 | critical | 9.8 | 9.8 | 3y ago | Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |||
| CVE-2023-2064 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection. This issue affects eTrace: before 23.05.20. |