Threat and Vulnerability Intelligence Database

CVE-2023-5247

Description: Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.

CVSS: HIGH (7.8)

EPSS Score: 0.07%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-48791

Description: An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.

CVSS: HIGH (7.9)

EPSS Score: 0.18%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-48389

Description: Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

CVSS: HIGH (7.5)

EPSS Score: 0.07%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-4677

Description: Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.

CVSS: HIGH (7.0)

EPSS Score: 0.17%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-45084

Description: An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.

CVSS: HIGH (7.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-42571

Description: Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows a physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when the user has lost the device.

CVSS: HIGH (7.6)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-4223

Description: Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.

CVSS: HIGH (8.8)

EPSS Score: 0.45%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-41808

Description: Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773.

CVSS: HIGH (8.5)

EPSS Score: 0.14%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-39539

Description: AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. 

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-33053

Description: Memory corruption in Kernel while parsing metadata.

CVSS: HIGH (8.4)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)