Threat and Vulnerability Intelligence Database

CVE-2023-37298

Description: Joplin before 2.11.5 allows XSS via a USE element in an SVG document.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-37254

Description: An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-36632

Description: The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.

CVSS: LOW (0.0)

EPSS Score: 0.19%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-36630

Description: In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.

CVSS: LOW (0.0)

EPSS Score: 0.14%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-36612

Description: Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses (containing sensitive information) to third-party applications by using a custom-crafted deeplink scheme.

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-36377

Description: Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via crafted .exe, .sys, and .dll files.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-36347

Description: A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.

CVSS: LOW (0.0)

EPSS Score: 6.43%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-36291

Description: Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-36146

Description: A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-36144

Description: An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.

CVSS: LOW (0.0)

EPSS Score: 6.89%

Source: CVE
November 28th, 2024 (5 months ago)