Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-32094 |
Description: Missing Authorization vulnerability in Felix Welberg Extended Post Status allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extended Post Status: from n/a through 1.0.19.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-31412 |
Description: The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.
CVSS: HIGH (7.5) EPSS Score: 0.14%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-31411 |
Description: A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.
CVSS: CRITICAL (9.8) EPSS Score: 0.22%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-31241 |
Description: Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
CVSS: HIGH (8.6) EPSS Score: 0.24%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-31240 |
Description: Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.
CVSS: HIGH (8.3) EPSS Score: 0.26%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-31214 |
Description: Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through 2.0.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-3110 |
Description: Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
CVSS: CRITICAL (9.6) EPSS Score: 0.07%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-31073 |
Description: Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend – Post and User Profile Fields: from n/a through 1.2.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-30873 |
Description: Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 1.9.8.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-30870 |
Description: Missing Authorization vulnerability in wooproductimporter Sharkdropship for AliExpress Dropship and Affiliate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship for AliExpress Dropship and Affiliate: from n/a through 2.2.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|