Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-36647 |
Description: A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
CVSS: LOW (0.0) EPSS Score: 0.1%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-36607 |
Description: The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
CVSS: LOW (0.0) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-36488 |
|
|
CVE-2023-36487 |
|
|
CVE-2023-36486 |
Description: The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
CVSS: LOW (0.0) EPSS Score: 0.2%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-36484 |
|
|
CVE-2023-34844 |
|
|
CVE-2023-34834 |
Description: A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.
CVSS: LOW (0.0) EPSS Score: 13.24%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-34648 |
Description: A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.
CVSS: LOW (0.0) EPSS Score: 0.08%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-34599 |
|