Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-28689 |
Description: Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28688 |
WordPress TH Variation Swatches plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk TH Variation Swatches allows Cross Site Request Forgery.This issue affects TH Variation Swatches: from n/a through 1.2.7.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28649 |
Description: The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.
CVSS: HIGH (8.6) EPSS Score: 0.07%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28536 |
Description: Missing Authorization vulnerability in Acato Branded Social Images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Branded Social Images: from n/a through 1.1.0.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28532 |
Description: Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from n/a through 1.0.5.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28417 |
Description: Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28416 |
Description: Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28386 |
Description: Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.
CVSS: HIGH (8.6) EPSS Score: 0.39%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28168 |
Description: Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9.
CVSS: LOW (3.7) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-28165 |
Description: Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|