CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-3315
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence...
Description: Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (6 months ago)

CVE-2023-29546
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking...
Description: When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

CVSS: LOW (0.0)

EPSS Score: 0.18%

Source: CVE
December 12th, 2024 (6 months ago)

CVE-2023-29545
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved...
Description: Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and&nbsp;Thunderbird on Windows. Other versions of Firefox and&nbsp;Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

CVSS: LOW (0.0)

EPSS Score: 0.11%

Source: CVE
December 12th, 2024 (6 months ago)

CVE-2023-29542
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk ...
Description: A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox&nbsp;and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

CVSS: LOW (0.0)

EPSS Score: 0.33%

Source: CVE
December 12th, 2024 (6 months ago)

CVE-2023-29534
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user...
Description: Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

CVSS: LOW (0.0)

EPSS Score: 0.38%

Source: CVE
December 12th, 2024 (6 months ago)

CVE-2023-29532
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a...
Description: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 12th, 2024 (6 months ago)

CVE-2023-29531
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable...
Description: An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and&nbsp;Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

CVSS: LOW (0.0)

EPSS Score: 0.29%

Source: CVE
December 12th, 2024 (6 months ago)

CVE-2023-2811
AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
Description: The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (6 months ago)

CVE-2023-2751
Upload Resume <= 1.2.0 - Captcha Bypass
Description: The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
December 12th, 2024 (6 months ago)

CVE-2023-2747
Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
Description: The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.

CVSS: LOW (3.1)

EPSS Score: 0.04%

Source: CVE
December 12th, 2024 (6 months ago)