Threat and Vulnerability Intelligence Database

CVE-2023-25584

Description: An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

EPSS Score: 0.06%

Source: CVE
December 4th, 2024 (4 months ago)

CVE-2023-2351

Description: The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.12%

Source: CVE
December 4th, 2024 (4 months ago)

CVE-2023-2290

Description: A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS: MEDIUM (6.4)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (4 months ago)

CVE-2023-2278

Description: The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVSS: CRITICAL (9.8)

EPSS Score: 0.34%

Source: CVE
December 4th, 2024 (4 months ago)

CVE-2023-2277

Description: The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.15%

Source: CVE
December 4th, 2024 (4 months ago)

CVE-2023-2247

Description: In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function.

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
December 4th, 2024 (4 months ago)

CVE-2023-22078

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS: MEDIUM (4.9)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (4 months ago)

CVE-2023-21919

Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS: MEDIUM (4.9)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (4 months ago)

CVE-2023-21225

Description: There is a possible way to bypass the protected confirmation screen due to failure to lock display power. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-270403821. References: N/A

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (4 months ago)

CVE-2023-21224

Description: In ss_ProcessReturnResultComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-265276966. References: N/A

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
December 4th, 2024 (4 months ago)