CVE-2023-35933 |
Description: OpenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected if they run OpenFGA v1.1.0 or earlier and execute `Check` or `ListObjects` calls against a vulnerable authorization model. Users are advised to upgrade to version 1.1.1. There are no known workarounds for this vulnerability. Users whose models contain no circular relationships are not affected.
CVSS: MEDIUM (5.9) EPSS Score: 0.16%
December 4th, 2024 (5 months ago)
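The advisory says only models with circular relationship definitions are affected, so the practical question is whether a given model has one. The following is an added example, not OpenFGA code: it reduces an authorization model to a rewrite graph (each relation maps to the relations its definition refers to, direct assignments such as `[user]` dropped because they cannot loop) and runs a depth-first search for back edges. The model representation, the sample models and the function names are assumptions of the example.

```python
"""Flag circular relation definitions in a simplified OpenFGA-style model.

Added example, not OpenFGA code. The model is reduced to a map from each
(type, relation) to the relations its definition rewrites to; direct
assignments such as "[user]" are dropped because they cannot form a cycle.
"""
from typing import Dict, List, Tuple

Relation = Tuple[str, str]  # (object type, relation name)
Model = Dict[Relation, List[Relation]]

# Constructed sample: roughly "define viewer: [user] or editor" and
# "define editor: [user] or viewer", which rewrite to each other.
CIRCULAR_MODEL: Model = {
    ("document", "viewer"): [("document", "editor")],
    ("document", "editor"): [("document", "viewer")],
    ("document", "owner"): [],
}

# Constructed sample with the same relations but no cycle.
SAFE_MODEL: Model = {
    ("document", "viewer"): [("document", "editor")],
    ("document", "editor"): [("document", "owner")],
    ("document", "owner"): [],
}


def find_cycles(model: Model) -> List[List[Relation]]:
    """Return every cycle reachable in the rewrite graph (DFS with three colours)."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour: Dict[Relation, int] = {rel: WHITE for rel in model}
    path: List[Relation] = []
    cycles: List[List[Relation]] = []

    def visit(rel: Relation) -> None:
        colour[rel] = GREY
        path.append(rel)
        for nxt in model.get(rel, []):
            state = colour.get(nxt, WHITE)
            if state == GREY:
                # Back edge to a relation still on the path: record the loop.
                cycles.append(path[path.index(nxt):] + [nxt])
            elif state == WHITE:
                visit(nxt)
        path.pop()
        colour[rel] = BLACK

    for rel in list(model):
        if colour[rel] == WHITE:
            visit(rel)
    return cycles


def has_circular_definition(model: Model) -> bool:
    """True when resolving a relation in this model can lead back to itself."""
    return bool(find_cycles(model))


def describe(cycle: List[Relation]) -> str:
    """Render a cycle as 'document#viewer -> document#editor -> document#viewer'."""
    return " -> ".join(f"{t}#{r}" for t, r in cycle)


if __name__ == "__main__":
    for name, m in (("circular", CIRCULAR_MODEL), ("safe", SAFE_MODEL)):
        found = find_cycles(m)
        print(name, "affected" if found else "not affected", [describe(c) for c in found])
```

Only computed-userset style rewrites are modelled here; a real model also has tuple-to-userset rewrites (`viewer from parent`) that cross object types, and those edges would have to be added to the graph before the check says anything about such a model.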
|
CVE-2023-3423 |
Description: Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.2.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.13%
December 4th, 2024 (5 months ago)
|
CVE-2023-3398 |
Description: Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.
CVSS: MEDIUM (5.3) EPSS Score: 0.07%
December 4th, 2024 (5 months ago)
|
CVE-2023-3203 |
Description: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to change the per-category product limit used for the cached home-screen data via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.11%
December 4th, 2024 (5 months ago)
|
CVE-2023-3201 |
Description: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update the new-order title via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.11%
December 4th, 2024 (5 months ago)
|
CVE-2023-3200 |
Description: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update the new-order message via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.11%
December 4th, 2024 (5 months ago)
|
CVE-2023-3198 |
Description: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update the order-status message via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.11%
December 4th, 2024 (5 months ago)
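The four MStore API entries above (CVE-2023-3203, CVE-2023-3201, CVE-2023-3200, CVE-2023-3198) share one root cause: a settings handler that trusts the administrator's browser session and checks nothing else, so a request the admin's browser is tricked into sending is indistinguishable from a real one. The block below is an added example, not MStore API or WordPress code. It re-implements the idea behind WordPress nonces (an HMAC bound to the action, the user and a time window, with the current and previous window accepted) in Python and puts a vulnerable and a hardened handler side by side. The secret, the nonce action name, the `security` request field and the settings dictionary are assumptions of the example.

```python
"""Action-bound nonces against CSRF, modelled loosely on WordPress's scheme.

Added example, not MStore API or WordPress code. The secret, the action
name and the "security" request field are assumptions of the example.
"""
import hashlib
import hmac
import math
import time
from typing import Dict, Optional

SECRET_KEY = b"constructed-example-secret-do-not-reuse"  # assumed per-site secret
NONCE_LIFE = 24 * 60 * 60  # seconds; a nonce stays valid for 12 to 24 hours


def nonce_tick(now: Optional[float] = None) -> int:
    """Half-life tick: the value changes every NONCE_LIFE/2 seconds."""
    now = time.time() if now is None else now
    return math.ceil(now / (NONCE_LIFE / 2))


def create_nonce(action: str, user_id: int, tick: Optional[int] = None) -> str:
    """Bind the nonce to the action, the user and the current time window."""
    tick = nonce_tick() if tick is None else tick
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:10]


def verify_nonce(nonce: str, action: str, user_id: int, tick: Optional[int] = None) -> bool:
    """Accept the current and the previous tick; constant-time compare against each."""
    tick = nonce_tick() if tick is None else tick
    return any(
        hmac.compare_digest(nonce, create_nonce(action, user_id, t))
        for t in (tick, tick - 1)
    )


# Constructed plugin state touched by the handlers below.
SETTINGS: Dict[str, str] = {"new_order_title": "New order"}
ACTION = "mstore_update_new_order_title"  # assumed nonce action name for this handler


def vulnerable_update_title(request: Dict[str, str], user_id: int) -> str:
    """The pattern the advisories describe: the admin's session is trusted, no nonce is checked."""
    SETTINGS["new_order_title"] = request["title"]
    return "updated"


def hardened_update_title(request: Dict[str, str], user_id: int) -> str:
    """A cross-site forged request cannot carry a valid nonce for this user and action."""
    if not verify_nonce(request.get("security", ""), ACTION, user_id):
        return "forbidden"
    SETTINGS["new_order_title"] = request["title"]
    return "updated"


if __name__ == "__main__":
    admin = 1
    forged = {"title": "pwned"}  # what a victim's browser sends from an attacker-controlled page
    legit = {"title": "Order received", "security": create_nonce(ACTION, admin)}
    print(vulnerable_update_title(forged, admin),
          hardened_update_title(forged, admin),
          hardened_update_title(legit, admin))
```

A capability check on its own would not have closed these reports: the victim is an administrator, so the forged request passes any "is this user allowed?" test. Only a value the attacker's page cannot know (the nonce, tied to the user, the action and a short time window) separates the forged request from a real one.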
|
CVE-2023-29043 |
Description: Presentations may contain references to images, which are user-controlled and could include malicious script code that is processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, such as copying content. The relevant attribute is now encoded to avoid the possibility of executing script code. No publicly available exploits are known.
CVSS: MEDIUM (6.1) EPSS Score: 0.06%
December 4th, 2024 (5 months ago)
|
CVE-2023-26456 |
Description: Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before being processed in the user interface, allowing indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to establish a foothold. Product names are now sanitized. No publicly available exploits are known.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
December 4th, 2024 (5 months ago)
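CVE-2023-29043 and CVE-2023-26456 above are both cases of a user-controlled string landing in HTML without encoding, once inside an attribute (an image reference) and once in element text (a product name). The following is an added example, not Open-Xchange code: it renders each value the unsafe way and the encoded way, then feeds the result to a real HTML parser so the difference is visible as parsed attributes and elements rather than as string comparisons. The tag names, the payloads and the helper names are assumptions of the example.

```python
"""Encoding user-controlled values before they reach HTML, with a parser check.

Added example, not Open-Xchange code. It models two situations: an image
reference placed in an attribute and a product name placed in element text.
Tag names, payloads and helper names are assumptions of the example.
"""
from html import escape
from html.parser import HTMLParser
from typing import Dict, List, Tuple

Tag = Tuple[str, Dict[str, str]]


class _TagCollector(HTMLParser):
    """Collect (tag, attributes) roughly as a browser's parser would see them."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: List[Tag] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append((tag, {k: (v or "") for k, v in attrs}))


def parse_tags(markup: str) -> List[Tag]:
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags


def render_image_unsafe(ref: str) -> str:
    """Vulnerable: the reference is interpolated verbatim into a quoted attribute."""
    return f'<img src="{ref}">'


def render_image_encoded(ref: str) -> str:
    """Hardened: quote=True turns '"' into &quot; so the value cannot end the attribute."""
    return f'<img src="{escape(ref, quote=True)}">'


def render_product_name_unsafe(name: str) -> str:
    """Vulnerable: the name can open new elements, including <script>."""
    return f'<span class="product">{name}</span>'


def render_product_name_encoded(name: str) -> str:
    """Hardened: < and > become entities and stay text."""
    return f'<span class="product">{escape(name)}</span>'


# Constructed payloads. The first closes src and smuggles in an event handler;
# the second injects an element into text content.
MALICIOUS_REF = 'pic.png" onerror="alert(document.domain)'
MALICIOUS_NAME = "Guard<script>alert(1)</script>"


def injected_attributes(markup: str) -> List[str]:
    """Attributes other than src on the rendered img, i.e. attacker-added ones."""
    return [a for tag, attrs in parse_tags(markup) if tag == "img" for a in attrs if a != "src"]


def injected_elements(markup: str) -> List[str]:
    """Element names other than the wrapping span, i.e. attacker-added ones."""
    return [tag for tag, _ in parse_tags(markup) if tag != "span"]


if __name__ == "__main__":
    print(injected_attributes(render_image_unsafe(MALICIOUS_REF)))       # ['onerror']
    print(injected_attributes(render_image_encoded(MALICIOUS_REF)))      # []
    print(injected_elements(render_product_name_unsafe(MALICIOUS_NAME)))   # ['script']
    print(injected_elements(render_product_name_encoded(MALICIOUS_NAME)))  # []
```

Note that the encoded image markup still carries the attacker's full string as the `src` value, which is the correct outcome: the data is preserved, it just cannot change the structure of the markup. Attribute encoding is the right tool for the attribute case; for a value that is later handed to a URL or a JavaScript context, the encoding has to match that context instead.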
|
CVE-2023-26432 |
Description: When adding an external mail account, processing of SMTP "capabilities" responses was not limited to plausible sizes. An attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. Accepted SMTP server responses are now limited to a reasonable length/size. No publicly available exploits are known.
CVSS: MEDIUM (4.3) EPSS Score: 0.17%
December 4th, 2024 (5 months ago)
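The fix described above is a size cap on what the client is willing to read from a server it does not control. The block below is an added example, not Open-Xchange code: a reader for the multi-line EHLO reply that enforces a per-line byte limit and a line-count limit, tried against a constructed benign reply, a constructed oversized line and a constructed reply that never ends. The 512-octet line limit follows RFC 5321; the 50-line cap, the sample data and the function names are assumptions of the example.

```python
"""Bounded parsing of an SMTP EHLO reply so a rogue server cannot exhaust memory.

Added example, not Open-Xchange code. The line-count cap and the sample
replies are assumptions of the example; the 512-octet line limit is from
RFC 5321 section 4.5.3.1.5.
"""
import io
from typing import BinaryIO, Dict, List, Tuple

MAX_LINE_BYTES = 512   # RFC 5321: reply line incl. CRLF must not exceed 512 octets
MAX_REPLY_LINES = 50   # assumption: real servers advertise a handful of extensions


class SmtpReplyTooLarge(Exception):
    """Raised when the server's reply exceeds the configured limits."""


def read_ehlo_reply(stream: BinaryIO,
                    max_line: int = MAX_LINE_BYTES,
                    max_lines: int = MAX_REPLY_LINES) -> Tuple[str, List[str]]:
    """Read '250-...' continuation lines up to the final '250 ' line, with hard limits."""
    lines: List[str] = []
    while True:
        if len(lines) >= max_lines:
            raise SmtpReplyTooLarge(f"more than {max_lines} reply lines")
        # readline(limit) returns at most limit bytes, so an endless line is cut off here
        raw = stream.readline(max_line + 1)
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        if len(raw) > max_line:
            raise SmtpReplyTooLarge(f"reply line exceeds {max_line} bytes")
        if not raw.endswith(b"\r\n"):
            raise ConnectionError("truncated reply line")
        line = raw[:-2].decode("ascii", "replace")
        if len(line) < 4 or not line[:3].isdigit() or line[3] not in "- ":
            raise ValueError(f"malformed reply line: {line!r}")
        lines.append(line[4:])
        if line[3] == " ":          # space after the code marks the last line
            return line[:3], lines


def parse_capabilities(lines: List[str]) -> Dict[str, List[str]]:
    """Turn 'SIZE 35882577' style lines (after the greeting line) into a keyword map."""
    caps: Dict[str, List[str]] = {}
    for entry in lines[1:]:
        parts = entry.split()
        if parts:
            caps[parts[0].upper()] = parts[1:]
    return caps


def check_reply(data: bytes) -> Tuple[str, object]:
    """Return ('ok', capabilities) or ('rejected', exception name) for a raw reply."""
    try:
        _code, lines = read_ehlo_reply(io.BytesIO(data))
    except (SmtpReplyTooLarge, ValueError, ConnectionError) as exc:
        return "rejected", type(exc).__name__
    return "ok", parse_capabilities(lines)


# Constructed replies: one normal, one with a single huge line, one that never ends.
BENIGN_REPLY = (b"250-mail.example.test\r\n"
                b"250-SIZE 35882577\r\n"
                b"250-STARTTLS\r\n"
                b"250 AUTH PLAIN LOGIN\r\n")
OVERSIZED_LINE = b"250-" + b"A" * 10_000 + b"\r\n250 OK\r\n"
ENDLESS_REPLY = b"250-X\r\n" * 1_000 + b"250 END\r\n"

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_REPLY), ("oversized", OVERSIZED_LINE), ("endless", ENDLESS_REPLY)):
        print(label, check_reply(data))
```

Both limits matter: a per-line cap alone still lets a server stream an unbounded number of short continuation lines, and a line-count cap alone still lets one line be arbitrarily long. A socket read timeout is the third limit a real client needs, so a server that simply stops sending cannot hold the worker forever.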
|