CVE Notify
Alert on the latest CVEs

🚨 CVE-2023-4676
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS.

This issue affects MedasPro: before 28.

🎖@cveNotify
🚨 CVE-2023-4702
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.

This issue affects Digital Yepas: before 1.0.1.

🚨 CVE-2023-4972
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.

This issue affects Digital Yepas: before 1.0.1.

🚨 CVE-2023-4673
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection.

This issue affects Turasistan: before 20230911.

🚨 CVE-2023-4830
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection.

This issue affects Signalix: 7T_0228.

🚨 CVE-2023-4833
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection.

This issue affects Network Marketing Software: before 1.0.2309.6.

🚨 CVE-2023-4835
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection.

This issue affects Oil Management Software: before 20230912.

🚨 CVE-2023-4737
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection.

This issue affects Admin Panel: before 1.2.

🚨 CVE-2023-4934
Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass.

This issue affects AYBS: before 1.0.3.

🚨 CVE-2023-5045
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection.

This issue affects Kayisi: before 1286.

🚨 CVE-2023-5046
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection.

This issue affects Procost: before 1390.

🚨 CVE-2023-5047
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection.

This issue affects DRDrive: before 20231006.

🚨 CVE-2023-4671
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command Line Execution through SQL Injection.

This issue affects ECOP: before 32255.

🚨 CVE-2023-4672
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS.

This issue affects ECOP: before 32255.

🚨 CVE-2023-4674
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.

This issue affects E-Commerce Software: through 20231229.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

🚨 CVE-2023-4675
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection.

This issue affects MDO: through 20231229.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

🚨 CVE-2025-67972
Missing Authorization vulnerability in Zoho Mail Zoho ZeptoMail allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Zoho ZeptoMail: from n/a through 3.2.9.

🚨 CVE-2026-44047
An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service.

🚨 CVE-2023-4670
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection.

This issue affects Probbys: before 2.

🚨 CVE-2026-28764
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability

🚨 CVE-2026-39461
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024).

An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.
