Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-34548 |
Description: Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.
CVSS: LOW (0.0) EPSS Score: 0.21%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-33438 |
Description: A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-33243 |
Description: RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.
CVSS: LOW (0.0) EPSS Score: 3.42%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-32542 |
Description: Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
CVSS: LOW (0.0) EPSS Score: 0.08%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-31672 |
Description: In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.
CVSS: LOW (0.0) EPSS Score: 0.21%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-30759 |
Description: The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-30453 |
The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.
Description: The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-29711 |
Description: An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request.
CVSS: LOW (0.0) EPSS Score: 0.43%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-2899 |
Description: The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
CVSS: LOW (0.0) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
|
|
CVE-2023-2779 |
Description: The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS: LOW (0.0) EPSS Score: 0.42%
December 13th, 2024 (4 months ago)
|