Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-46381	Description: LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. CVSS: LOW (0.0) EPSS Score: 0.14% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-46157	Description: File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. CVSS: LOW (0.0) EPSS Score: 0.11% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-45311	Description: fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. NOTE: some sources feel that this means that no version is affected any longer, because the URL is not controlled by an adversary. CVSS: LOW (0.0) EPSS Score: 0.87% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-43320	Description: An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. CVSS: LOW (0.0) EPSS Score: 0.15% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-43298	Description: An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-42325	Description: Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. CVSS: LOW (0.0) EPSS Score: 4.04% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-42189	Description: Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. CVSS: LOW (0.0) EPSS Score: 0.47% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-41621	Description: A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-41618	Description: Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-41171	Description: NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE November 27th, 2024 (5 months ago)