Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-29542
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk ...
Description: A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox&nbsp;and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

CVSS: LOW (0.0)

EPSS Score: 0.33%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-29534
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user...
Description: Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

CVSS: LOW (0.0)

EPSS Score: 0.38%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-29532
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a...
Description: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-29531
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable...
Description: An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and&nbsp;Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

CVSS: LOW (0.0)

EPSS Score: 0.29%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-2811
AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
Description: The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-2751
Upload Resume <= 1.2.0 - Captcha Bypass
Description: The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-2747
Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
Description: The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.

CVSS: LOW (3.1)

EPSS Score: 0.04%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-2684
File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting
Description: The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-2654
Conditional Menus < 1.2.1 - Reflected XSS
Description: The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-25747
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only...
Description: A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0.

CVSS: LOW (0.0)

EPSS Score: 0.14%

Source: CVE
December 12th, 2024 (4 months ago)