Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-36486
Description: The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.

CVSS: LOW (0.0)

EPSS Score: 0.2%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2023-36484
Description: ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2023-34844
Description: Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape.

CVSS: LOW (0.0)

EPSS Score: 0.26%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2023-34834
Description: A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.

CVSS: LOW (0.0)

EPSS Score: 13.24%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2023-34648
Description: A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2023-34599
Description: Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.

CVSS: LOW (0.0)

EPSS Score: 0.12%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2023-34598
Description: Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.

CVSS: LOW (0.0)

EPSS Score: 22.1%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2023-34487
Description: itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.

CVSS: LOW (0.0)

EPSS Score: 0.21%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2023-34486
Description: itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2023-33466
Description: Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).

CVSS: LOW (0.0)

EPSS Score: 0.37%

Source: CVE
November 27th, 2024 (6 months ago)