Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-33880 |
Description: In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-33879 |
Description: In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-33404 |
Description: An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.
CVSS: LOW (0.0) EPSS Score: 0.43%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-32789 |
Description: In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-3195 |
Description: A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-31307 |
Description: Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.
CVSS: LOW (2.3) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-30913 |
Description: In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-30261 |
Description: Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.
CVSS: LOW (0.0) EPSS Score: 3.36%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-29459 |
Description: The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.
CVSS: LOW (0.0) EPSS Score: 0.11%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-2877 |
Description: The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.
CVSS: LOW (0.0) EPSS Score: 0.25%
December 4th, 2024 (5 months ago)
|