Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-32222 |
Description: D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
CVSS: CRITICAL (9.8) EPSS Score: 0.16%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-3197 |
Description: The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-2982 |
Description: The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
CVSS: CRITICAL (9.8) EPSS Score: 0.19%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-26134 |
Description: Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content.
CVSS: CRITICAL (9.8) EPSS Score: 0.47%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-1722 |
Description: Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
CVSS: CRITICAL (9.1) EPSS Score: 0.23%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-1721 |
Description: Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
CVSS: CRITICAL (9.1) EPSS Score: 0.21%
November 28th, 2024 (5 months ago)
|
|
CVE-2024-43498 |
Description: .NET and Visual Studio Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.16%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-36248 |
Description: API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-28038 |
Description: The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11705 |
Description: `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|