Threat and Vulnerability Intelligence Database

CVE-2023-29348

Description: Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability

CVSS: HIGH (7.5)

EPSS Score: 0.39%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-28831

Description: The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-22935

Description: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.

CVSS: HIGH (8.1)

EPSS Score: 0.2%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-22934

Description: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.

CVSS: HIGH (7.3)

EPSS Score: 0.11%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-22933

Description: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag.

CVSS: HIGH (8.0)

EPSS Score: 0.09%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2023-22932

Description: In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.

CVSS: HIGH (8.0)

EPSS Score: 0.08%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-55580

Description: An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-55579

Description: An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-54226

Description: Cross-Site Request Forgery (CSRF) vulnerability in Karl Kiesinger Country Blocker allows Stored XSS. This issue affects Country Blocker: from n/a through 3.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-54225

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodegearThemes Designer allows PHP Local File Inclusion. This issue affects Designer: from n/a through 1.3.3.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)