CVE-2023-2000
Description: Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
December 7th, 2024

CVE-2023-1777
Description: Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.
CVSS: MEDIUM (6.5) EPSS Score: 0.07%
December 7th, 2024

CVE-2023-1775
Description: When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected WebSocket clients.
CVSS: MEDIUM (4.3) EPSS Score: 0.07%
December 7th, 2024

CVE-2023-1774
Description: When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.
CVSS: MEDIUM (4.2) EPSS Score: 0.05%
December 7th, 2024

CVE-2024-54679
Description: CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 6th, 2024

CVE-2024-54128
Description: Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client side, which can be bypassed, making the application vulnerable to HTML injection. This vulnerability is fixed in 10.13.4 and 11.2.0.
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
December 6th, 2024

CVE-2024-54127
Description: This vulnerability exists in the TP-Link Archer C50 due to the presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 6th, 2024

CVE-2024-54001
Description: Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format, application_timezone and application_time_format allow arbitrary user input which is reflected. The vulnerability can become XSS if the user input is JavaScript code that bypasses CSP. This vulnerability is fixed in 1.2.41.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
December 6th, 2024

CVE-2024-53846
Description: OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when an incorrect extended key usage is presented (i.e., a server will verify a client if it has the server auth extended key usage, and vice versa).
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
December 6th, 2024

CVE-2024-52943
Description: An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 6th, 2024