Threat and Vulnerability Intelligence Database

CVE-2023-45727

🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).
Description: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

CVSS: LOW (0.0)

EPSS Score: 23.62%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-44221

🚨 Marked as known exploited on May 1st, 2025 (3 days ago).
Description: Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

CVSS: LOW (0.0)

EPSS Score: 0.14%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-49035

🚨 Marked as known exploited on February 25th, 2025 (2 months ago).
Description: An improper access control vulnerability in Partner.Microsoft.com allows an unauthenticated attacker to elevate privileges over a network.

CVSS: HIGH (8.7)

EPSS Score: 0.19%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-11680

🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).
Description: ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.

CVSS: CRITICAL (9.8)

EPSS Score: 46.82%

Source: CVE
November 27th, 2024 (5 months ago)