CVE-2023-2991 |
Description: Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the hard drive that Globalscape is installed on can be remotely determined via a "trial extension request" message.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 7th, 2024 (5 months ago)
|
CVE-2023-29709 |
Description: An issue in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822 allows attackers to bypass authentication.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 7th, 2024 (5 months ago)
|
CVE-2023-29708 |
Description: An issue in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x allows attackers to force a factory reset via a crafted payload.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 7th, 2024 (5 months ago)
|
CVE-2023-29707 |
Description: A cross-site scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x allows attackers to create an arbitrary device.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 7th, 2024 (5 months ago)
|
CVE-2023-29405 |
Description: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
CVSS: LOW (0.0) EPSS Score: 0.93%
December 7th, 2024 (5 months ago)
|
CVE-2023-2797 |
Description: Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.
CVSS: LOW (3.1) EPSS Score: 0.06%
December 7th, 2024 (5 months ago)
|
CVE-2023-27561 |
Description: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2023-27266 |
Description: Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
CVSS: LOW (2.7) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2023-27265 |
Description: Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
CVSS: LOW (2.7) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2023-27243 |
Description: An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 7th, 2024 (5 months ago)
|