Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-33570
Description: Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).

CVSS: LOW (0.0)

EPSS Score: 0.14%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-33336
Description: Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-33298
Description: com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-33277
Description: The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.

CVSS: LOW (0.0)

EPSS Score: 0.48%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-3311
PuneethReddyHC online-shopping-system-advanced addsuppliers.php cross site scripting
Description: A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807. Es wurde eine problematische Schwachstelle in PuneethReddyHC online-shopping-system-advanced 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei addsuppliers.php. Durch Manipulation des Arguments First name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (2.4)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-32623
Description: Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server.

CVSS: LOW (0.0)

EPSS Score: 0.22%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-32612
Description: Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.

CVSS: LOW (0.0)

EPSS Score: 0.1%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-31936
Description: Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file.

CVSS: LOW (0.0)

EPSS Score: 0.36%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-30586
Description: A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-30259
Description: A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
November 28th, 2024 (5 months ago)