Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-48010
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58...
Description: STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-37365
Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.
Description: Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in...
Description: An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

CVSS: LOW (0.0)

EPSS Score: 0.26%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-36666
INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php,...
Description: INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-36664
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Description: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

CVSS: LOW (0.0)

EPSS Score: 0.12%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-36663
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API...
Description: it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.

CVSS: LOW (0.0)

EPSS Score: 0.13%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-36348
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.
Description: POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.

CVSS: LOW (0.0)

EPSS Score: 1.64%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-36346
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.
Description: POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.

CVSS: LOW (0.0)

EPSS Score: 1.02%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-36274
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
Description: LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

CVSS: LOW (0.0)

EPSS Score: 0.21%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-35931
Shescape potential environment variable exposure on Windows with CMD
Description: Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.

CVSS: LOW (3.1)

EPSS Score: 0.07%

Source: CVE
December 6th, 2024 (5 months ago)