Threat and Vulnerability Intelligence Database

CVE-2023-30945

Description: Multiple services, such as VHS (Video History Server), VCD (Video Clip Distributor) and Clips2, were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem, or write or delete arbitrary files on it.

CVSS: CRITICAL (9.8)

EPSS Score: 0.18%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-30902

Description: A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-30362

Description: Buffer overflow vulnerability in the coap_send function in libcoap library 4.3.1-103-g52cfd56, fixed in 4.3.1-120-ge242200, allows attackers to obtain sensitive information via a malformed PDU.

CVSS: LOW (0.0)

EPSS Score: 0.17%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-30260

Description: Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via a crafted POST request to the hostapd settings form.

CVSS: LOW (0.0)

EPSS Score: 0.27%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-30258

Description: Command injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via an unauthenticated HTTP request.

CVSS: LOW (0.0)

EPSS Score: 79.42%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-2996

Description: The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.

CVSS: LOW (0.0)

EPSS Score: 0.37%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-2989

Description: Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out-of-bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited.

CVSS: LOW (0.0)

EPSS Score: 0.12%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-29860

Description: Insecure permissions in the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method.

CVSS: LOW (0.0)

EPSS Score: 0.19%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-29068

Description: A maliciously crafted file consumed through the pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
December 6th, 2024 (5 months ago)

CVE-2023-28929

Description: Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
December 6th, 2024 (5 months ago)