CVE-2023-35844
Description: packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
CVSS: LOW (0.0) EPSS Score: 23.0%
December 12th, 2024

CVE-2023-35843
Description: NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
CVSS: LOW (0.0) EPSS Score: 37.65%
December 12th, 2024

CVE-2023-35840
Description: _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
CVSS: LOW (0.0) EPSS Score: 0.13%
December 12th, 2024

CVE-2023-34657
Description: A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 12th, 2024

CVE-2023-34642
Description: KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker(), which can then be used to open an unprivileged command prompt.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024

CVE-2023-34641
Description: KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print(), which can then be used to open an unprivileged command prompt.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024

CVE-2023-34603
Description: JeecgBoot up to v3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 12th, 2024

CVE-2023-34602
Description: JeecgBoot up to v3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 12th, 2024

CVE-2023-34242
Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can leverage this issue to use cluster secrets that should not be visible to them, or communicate with services that they should not have access to. Gateway API functionality is disabled by default. This vulnerability is fixed in Cilium release 1.13.4. As a workaround, restrict the creation of `ReferenceGrant` resources to admin users by using Kubernetes RBAC.
CVSS: LOW (3.4) EPSS Score: 0.06%
December 12th, 2024

CVE-2023-34167
Description: A vulnerability in Huawei desktop allows spoofing of trustlists. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 12th, 2024
