CVE-2023-37365 |
Description: Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 6th, 2024 (5 months ago)
|
CVE-2023-36675 |
Description: An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.
CVSS: LOW (0.0) EPSS Score: 0.26%
December 6th, 2024 (5 months ago)
|
CVE-2023-36666 |
Description: INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 6th, 2024 (5 months ago)
|
CVE-2023-36664 |
Description: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
CVSS: LOW (0.0) EPSS Score: 0.12%
December 6th, 2024 (5 months ago)
|
CVE-2023-36663 |
Description: it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.
CVSS: LOW (0.0) EPSS Score: 0.13%
December 6th, 2024 (5 months ago)
|
CVE-2023-36348 |
Description: POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.
CVSS: LOW (0.0) EPSS Score: 1.64%
December 6th, 2024 (5 months ago)
|
CVE-2023-36346 |
Description: POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.
CVSS: LOW (0.0) EPSS Score: 1.02%
December 6th, 2024 (5 months ago)
|
CVE-2023-36274 |
Description: LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
CVSS: LOW (0.0) EPSS Score: 0.21%
December 6th, 2024 (5 months ago)
|
CVE-2023-35931 |
Description: Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
CVSS: LOW (3.1) EPSS Score: 0.07%
December 6th, 2024 (5 months ago)
|
CVE-2023-35928 |
Description: Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity platform. In Nextcloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and Nextcloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2.
Three workarounds are available. Disable app files_external. Change config setting "Allow users to mount external storage" to disabled in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages`. Change config setting to disallow users to create external storages in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages` with the types FTP, Nextcloud, SFTP, and/or WebDAV.
CVSS: HIGH (8.5) EPSS Score: 0.24%
December 6th, 2024 (5 months ago)
|