Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-42479
Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct
Description: An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.

CVSS: MEDIUM (6.1)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-37360
Description: pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

CVSS: MEDIUM (5.9)

EPSS Score: 0.07%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-37237
Description: In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.

CVSS: MEDIUM (6.5)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-3478
IBOS OA Add User edit&op=member actionEdit sql injection
Description: A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. In IBOS OA 4.5.5 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion actionEdit der Datei ?r=dashboard/roleadmin/edit&op=member der Komponente Add User Handler. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (4.7)

EPSS Score: 0.27%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-21640
Buffer Copy Without Checking Size of Input in Linux
Description: Memory corruption in Linux when the file upload API is called with parameters having large buffer.

CVSS: MEDIUM (6.7)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-2142
Nunjucks autoescape bypass leads to cross site scripting
Description: In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash \ character.

CVSS: MEDIUM (6.1)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)