Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-10344	Unauthenticated Denial of Service via Refuse Function Description: In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek. CVSS: HIGH (8.7) EPSS Score: 0.04% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-48965	Description: An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. CVSS: HIGH (8.8) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-48912	Description: Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. CVSS: HIGH (8.8) EPSS Score: 0.1% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-48105	Description: An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. CVSS: HIGH (7.5) EPSS Score: 0.1% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-47453	Description: An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-46887	Description: In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. CVSS: HIGH (7.5) EPSS Score: 0.2% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-45253	Description: An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-43887	Description: Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. CVSS: HIGH (8.1) EPSS Score: 0.12% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-3447	Description: The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory. CVSS: HIGH (8.6) EPSS Score: 0.16% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-3063	Description: The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts. CVSS: HIGH (8.8) EPSS Score: 0.04% Source: CVE November 27th, 2024 (5 months ago)