CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-42366	A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. Description: A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)
CVE-2023-40285	An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. Description: An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)
CVE-2023-36371	An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL... Description: An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE December 7th, 2024 (6 months ago)
CVE-2023-36370	An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL... Description: An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE December 7th, 2024 (6 months ago)
CVE-2023-36369	An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL... Description: An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE December 7th, 2024 (6 months ago)
CVE-2023-34939	Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component... Description: Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. CVSS: LOW (0.0) EPSS Score: 1.53% Source: CVE December 7th, 2024 (6 months ago)
CVE-2023-34553	An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. Description: An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 7th, 2024 (6 months ago)
CVE-2023-34110	Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error Description: Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2. CVSS: LOW (2.7) EPSS Score: 0.08% Source: CVE December 7th, 2024 (6 months ago)
CVE-2023-33725	Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup... Description: Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA. CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE December 7th, 2024 (6 months ago)
CVE-2023-33591	User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the... Description: User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE December 7th, 2024 (6 months ago)