Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-29491
Description: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-28756
Description: A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

CVSS: LOW (0.0)

EPSS Score: 0.36%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-28474
Description: Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search.

CVSS: LOW (0.0)

EPSS Score: 0.11%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-28473
Description: Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2842
WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF
Description: The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-28365
Description: A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2795
CodeColorer < 0.10.1 – Admin+ Stored Cross-Site Scripting
Description: The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2711
Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS
Description: The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-26966
Description: libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-26616
Description: D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.

CVSS: LOW (0.0)

EPSS Score: 0.27%

Source: CVE
November 28th, 2024 (5 months ago)