Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-25736
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110.
Description: An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110.

CVSS: LOW (0.0)

EPSS Score: 0.32%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-25733
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This...
Description: The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.

CVSS: LOW (0.0)

EPSS Score: 0.14%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-2527
Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi
Description: The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-2399
qubotchat < 1.1.6 - Unauthenticated Stored XSS
Description: The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-23472
IBM InfoSphere Information Server information disclosure
Description: IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

CVSS: LOW (3.1)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2023-0489
SlideOnline <= 1.2.1 - Contributor+ Stored XSS
Description: The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
December 12th, 2024 (4 months ago)

CVE-2024-5660
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3,...
Description: Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3, X4, N2, X925 & Travis&nbsp;may permit bypass of Stage-2 translation and/or GPT protection

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-55655
sigstore-python has insufficient validation of integration timestamp during verification
Description: sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is verified *if* a source of signed time (such as an inclusion promise) is present, but is otherwise trusted if no source of signed time is present. This does not affect "v1" bundles, as the "v1" bundle format always requires an inclusion promise. Sigstore uses signed time to support verification of signatures made against short-lived signing keys. The impact and severity of this weakness is *low*, as Sigstore contains multiple other enforcing components that prevent an attacker who modifies the integration timestamp within a bundle from impersonating a valid signature. In particular, an attacker who modifies the integration timestamp can induce a Denial of Service, but in no different manner than already possible with bundle access (e.g. modifying the signature itself such that it fails to verify). Separately, an attacker could upload a *new* entry to the transparency service, and substitute their new entry's time. However, this would still be rejected at validation time, as the new entry's (valid) signed time would be outside the validity window of the original signing certificate and would nonetheless render the attacker auditable.

CVSS: LOW (2.7)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-55586
Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method.
Description: Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-55550
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to...
🚨 Marked as known exploited on January 7th, 2025 (4 months ago).
Description: Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

CVSS: LOW (0.0)

EPSS Score: 42.72%

Source: CVE
December 11th, 2024 (4 months ago)