CVE-2023-29708 |
Description: An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x that allows attackers to force a factory reset via a crafted payload.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 7th, 2024 (6 months ago)
|
CVE-2023-29707 |
Description: Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x allows attackers to create an arbitrary device.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 7th, 2024 (6 months ago)
|
CVE-2023-29405 |
Description: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
CVSS: LOW (0.0) EPSS Score: 0.93%
December 7th, 2024 (6 months ago)
|
CVE-2023-2797 |
Description: Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.
CVSS: LOW (3.1) EPSS Score: 0.06%
December 7th, 2024 (6 months ago)
|
CVE-2023-27561 |
Description: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
CVE-2023-27266 |
Description: Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
CVSS: LOW (2.7) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
CVE-2023-27265 |
Description: Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
CVSS: LOW (2.7) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
CVE-2023-27243 |
Description: An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 7th, 2024 (6 months ago)
|
CVE-2023-27083 |
Description: An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality.
CVSS: LOW (0.0) EPSS Score: 0.19%
December 7th, 2024 (6 months ago)
|
CVE-2023-25435 |
Description: libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|