Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-31293 |
Description: An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled.
CVSS: LOW (0.0) EPSS Score: 0.07%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-29487 |
Description: An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue.
CVSS: LOW (0.0) EPSS Score: 0.06%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-29147 |
Description: In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-29145 |
Description: The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-28869 |
|
|
CVE-2023-28461 |
Description: Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
CVSS: LOW (0.0) EPSS Score: 35.59%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-28364 |
Description: An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.
CVSS: LOW (0.0) EPSS Score: 0.08%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-23756 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.
CVSS: LOW (0.0) EPSS Score: 0.05%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-2320 |
Description: The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS: LOW (0.0) EPSS Score: 0.07%
November 27th, 2024 (6 months ago)
|
|
CVE-2023-20760 |
Description: In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|