CyberAlerts

CVE-2023-2719

Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-25645

There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application...

Description: There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-25366

In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.

Description: In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.

CVSS: LOW (0.0)

EPSS Score: 0.21%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-25185

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single...

Description: An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources.

CVSS: LOW (3.8)

EPSS Score: 0.04%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-2492

QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi

Description: The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

CVSS: LOW (0.0)

EPSS Score: 0.1%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-2431

Bypass of seccomp profile enforcement

Description: A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.

CVSS: LOW (3.4)

EPSS Score: 0.05%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-24243

CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).

Description: CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).

CVSS: LOW (0.0)

EPSS Score: 4.63%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-2401

Qubotchat < 1.1.6 – Admin+ Stored XSS

Description: The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-2359

Revolution Slider <= 6.6.12 - Author+ Remote Code Execution

Description: The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.

CVSS: LOW (0.0)

EPSS Score: 0.18%

Source: CVE

December 13th, 2024 (4 months ago)

CVE-2023-2221

WP Custom Cursors < 3.2 - Admin+ SQLi

Description: The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE

December 13th, 2024 (4 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-2719	SupportCandy < 3.1.7 - Subscriber+ SQLi Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber. CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-25645	There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application... Description: There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation. CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-25366	In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. Description: In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password. CVSS: LOW (0.0) EPSS Score: 0.21% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-25185	An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single... Description: An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources. CVSS: LOW (3.8) EPSS Score: 0.04% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-2492	QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi Description: The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. CVSS: LOW (0.0) EPSS Score: 0.1% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-2431	Bypass of seccomp profile enforcement Description: A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. CVSS: LOW (3.4) EPSS Score: 0.05% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-24243	CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). Description: CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). CVSS: LOW (0.0) EPSS Score: 4.63% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-2401	Qubotchat < 1.1.6 – Admin+ Stored XSS Description: The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-2359	Revolution Slider <= 6.6.12 - Author+ Remote Code Execution Description: The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. CVSS: LOW (0.0) EPSS Score: 0.18% Source: CVE December 13th, 2024 (4 months ago)
CVE-2023-2221	WP Custom Cursors < 3.2 - Admin+ SQLi Description: The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE December 13th, 2024 (4 months ago)