Threat and Vulnerability Intelligence Database

CVE-2024-10224

Description: Qualys discovered that if unsanitized input was used with the library Module::ScanDeps before version 1.36, a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-0854

Description: URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

CVSS: MEDIUM (5.4)

EPSS Score: 0.06%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2023-4399

Description: Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana so that the instance doesn’t call specific hosts. However, the restriction can be bypassed using punycode encoding of the characters in the request address.

CVSS: MEDIUM (6.6)

EPSS Score: 0.09%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2023-36464

Description: pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`.

CVSS: MEDIUM (6.2)

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2023-36463

Description: Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn't (fully) sanitized after submission. This issue has been addressed in commit `77e04f4af` which is included in the `1.0.0b1.1.2` release. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: MEDIUM (5.3)

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2023-35933

Description: OpenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this vulnerability if they are using OpenFGA v1.1.0 or earlier and are executing `Check` or `ListObjects` calls against a vulnerable authorization model. Users are advised to upgrade to version 1.1.1. There are no known workarounds for this vulnerability. Users that do not have circular relationships in their models are not affected.

CVSS: MEDIUM (5.9)

EPSS Score: 0.16%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2023-3423

Description: Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.2.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.13%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2023-3398

Description: Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2023-3203

Description: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update the limit on the number of products per category used for cached data on the home screen via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (4.3)

EPSS Score: 0.11%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2023-3201

Description: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update the new order title via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (4.3)

EPSS Score: 0.11%

Source: CVE
December 4th, 2024 (6 months ago)