Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-31997	Description: UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2023-31543	Description: A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. CVSS: LOW (0.0) EPSS Score: 0.32% Source: CVE November 27th, 2024 (6 months ago)
CVE-2023-31492	Description: Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. CVSS: LOW (0.0) EPSS Score: 0.13% Source: CVE November 27th, 2024 (6 months ago)
CVE-2023-31293	Description: An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled. CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE November 27th, 2024 (6 months ago)
CVE-2023-29487	Description: An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE November 27th, 2024 (6 months ago)
CVE-2023-29147	Description: In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2023-29145	Description: The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE November 27th, 2024 (6 months ago)
CVE-2023-28869	Description: Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 27th, 2024 (6 months ago)
CVE-2023-28461	Description: Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon." CVSS: LOW (0.0) EPSS Score: 35.59% Source: CVE November 27th, 2024 (6 months ago)
CVE-2023-28364	Description: An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 27th, 2024 (6 months ago)