Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-34648	Description: A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-34599	Description: Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. CVSS: LOW (0.0) EPSS Score: 0.12% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-34598	Description: Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response. CVSS: LOW (0.0) EPSS Score: 22.1% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-34487	Description: itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection. CVSS: LOW (0.0) EPSS Score: 0.21% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-34486	Description: itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-33466	Description: Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). CVSS: LOW (0.0) EPSS Score: 0.37% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-33411	Description: A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. CVSS: LOW (0.0) EPSS Score: 0.21% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-33335	Description: Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-33276	Description: The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS). CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-32610	Description: Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. CVSS: LOW (0.0) EPSS Score: 0.3% Source: CVE November 27th, 2024 (5 months ago)