Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-37255 |
Description: An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.
CVSS: LOW (0.0) EPSS Score: 0.08%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-37251 |
Description: An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
CVSS: LOW (0.0) EPSS Score: 0.06%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-37185 |
|
|
CVE-2023-36647 |
Description: A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
CVSS: LOW (0.0) EPSS Score: 0.1%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-36607 |
Description: The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents.
CVSS: LOW (0.0) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-36488 |
|
|
CVE-2023-36487 |
|
|
CVE-2023-36486 |
Description: The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
CVSS: LOW (0.0) EPSS Score: 0.2%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-36484 |
|
|
CVE-2023-34844 |
|