Threat and Vulnerability Intelligence Database

CVE-2023-3371

Description: The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to a hardcoded encryption key in the 'lock_content_form_handler' and 'display_password_form' functions in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password-protected content.

CVSS: MEDIUM (5.3)

EPSS Score: 0.16%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-29065

Description: The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.

CVSS: MEDIUM (4.1)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-28802

Description: An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149.

CVSS: MEDIUM (4.9)

EPSS Score: 0.06%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-28586

Description: Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

CVSS: MEDIUM (6.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-28017

Description: HCL Connections is vulnerable to a cross-site scripting attack in which an attacker may execute arbitrary script code in the browser of an unsuspecting user who visits the vulnerable URL. This may let the attacker steal cookie-based authentication credentials and compromise a user's account, then launch other attacks.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-53787

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06 Random Banner allows Stored XSS. This issue affects Random Banner: from n/a through 4.2.9.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 2nd, 2024 (5 months ago)

CVE-2024-53760

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Capitalize My Title allows Stored XSS. This issue affects Capitalize My Title: from n/a through 0.5.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 2nd, 2024 (5 months ago)

CVE-2024-53752

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berg Informatik Stripe Donation allows Stored XSS. This issue affects Stripe Donation: from n/a through 1.2.5.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 2nd, 2024 (5 months ago)

CVE-2024-53749

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Stored XSS. This issue affects Post Carousel Slider for Elementor: from n/a through 1.4.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 2nd, 2024 (5 months ago)

CVE-2024-53748

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Lin WP Mermaid allows Stored XSS. This issue affects WP Mermaid: from n/a through 1.0.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 2nd, 2024 (5 months ago)