Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-35152 |
Description: XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually.
CVSS: CRITICAL (10.0) EPSS Score: 0.22%
November 28th, 2024 (6 months ago)
|
|
CVE-2023-32224 |
Description: D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
November 28th, 2024 (6 months ago)
|
|
CVE-2023-32222 |
Description: D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
CVSS: CRITICAL (9.8) EPSS Score: 0.16%
November 28th, 2024 (6 months ago)
|
|
CVE-2023-3197 |
Description: The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 28th, 2024 (6 months ago)
|
|
CVE-2023-2982 |
Description: The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
CVSS: CRITICAL (9.8) EPSS Score: 0.19%
November 28th, 2024 (6 months ago)
|
|
CVE-2023-26134 |
Description: Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content.
CVSS: CRITICAL (9.8) EPSS Score: 0.47%
November 28th, 2024 (6 months ago)
|
|
CVE-2023-1722 |
Description: Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
CVSS: CRITICAL (9.1) EPSS Score: 0.23%
November 28th, 2024 (6 months ago)
|
|
CVE-2023-1721 |
Description: Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
CVSS: CRITICAL (9.1) EPSS Score: 0.21%
November 28th, 2024 (6 months ago)
|
|
CVE-2024-43498 |
Description: .NET and Visual Studio Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.16%
November 27th, 2024 (6 months ago)
|
|
CVE-2024-36248 |
Description: API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|