CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-33495 |
Description: Craft CMS through 4.4.9 is vulnerable to HTML Injection.
CVSS: LOW (0.0) EPSS Score: 0.08%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-28168 |
Description: Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9.
CVSS: LOW (3.7) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-2812 |
Description: The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-2805 |
Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-24375 |
Description: Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.5.14.
CVSS: LOW (3.5) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-2400 |
Description: Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-23825 |
Description: Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
CVSS: LOW (3.1) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2023-23814 |
Description: Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13.
CVSS: LOW (3.8) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-55560 |
Description: MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 9th, 2024 (6 months ago)
|
|
CVE-2024-54749 |
Description: Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, the device cannot be deployed without setting a new password during installation.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 8th, 2024 (6 months ago)
|