Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-47761 |
Description: Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple 301 Redirects by BetterLinks: from n/a through 2.0.7.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-47760 |
Description: Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-47756 |
Description: Missing Authorization vulnerability in David Vongries Welcome Email Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcome Email Editor: from n/a through 5.0.6.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-47694 |
Description: Missing Authorization vulnerability in appsbd Mini Cart Drawer For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mini Cart Drawer For WooCommerce: from n/a through 4.0.0.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-43697 |
Description:
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an
unprivileged remote attacker to make the site unable to load necessary strings via changing file paths
using HTTP requests.
CVSS: MEDIUM (6.5) EPSS Score: 0.19%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-41953 |
Description: Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-34461 |
Description: PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `` that looks like ```xss``` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit `5defd92`, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either; Removing the ability to create posts, removing the `|safe` tag from the Jinja2 template titled "post.html" in templates or by adding manual validation of links in the post creation section.
CVSS: MEDIUM (4.6) EPSS Score: 0.06%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-34246 |
Description: Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.
CVSS: MEDIUM (4.2) EPSS Score: 0.12%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-3316 |
Description: A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.
CVSS: MEDIUM (5.9) EPSS Score: 0.16%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-32659 |
Description:
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|