Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2023-11-23 CVE-2023-6118 Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal.This issue affects IP Camera: before b1130.1.0.1.
network
low complexity
CWE-25
7.5
2023-11-23 CVE-2023-3631 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: through 20231123.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-89
critical
9.8
2023-11-23 CVE-2023-4406 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KC Group E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: through 20231123.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-79
6.1
2023-11-23 CVE-2023-3377 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.This issue affects Veribase: through 20231123.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
CWE-89
critical
9.8
2023-11-22 CVE-2023-39925 Cross-Site Request Forgery (CSRF) vulnerability in Peepso
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions.
network
low complexity
peepso CWE-352
8.8
2023-11-22 CVE-2023-47775 Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpdiscuz
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.
network
low complexity
gvectors CWE-352
8.8
2023-11-22 CVE-2023-47785 Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin <= 7.7.9 versions.
network
low complexity
CWE-352
8.8
2023-11-22 CVE-2023-47791 Cross-Site Request Forgery (CSRF) vulnerability in Leadster
Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.
network
low complexity
leadster CWE-352
8.8
2023-11-22 CVE-2023-25986 Cross-Site Request Forgery (CSRF) vulnerability in Paygreen - Ancienne
Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen – Ancienne version plugin <= 4.10.2 versions.
network
low complexity
paygreen CWE-352
8.8
2023-11-22 CVE-2023-25987 Cross-Site Request Forgery (CSRF) vulnerability in Urosevic MY Youtube Channel
Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uroševi? My YouTube Channel plugin <= 3.23.3 versions.
network
low complexity
urosevic CWE-352
8.8