Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-33879
In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
Description: In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-33404
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier...
Description: An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.

CVSS: LOW (0.0)

EPSS Score: 0.43%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-3325
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on...
Description: The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.

CVSS: HIGH (8.1)

EPSS Score: 0.24%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-32789
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges...
Description: In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-3249
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including,...
Description: The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-3203
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product...
Description: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (4.3)

EPSS Score: 0.11%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-3201
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the...
Description: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (4.3)

EPSS Score: 0.11%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-3200
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the...
Description: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update new order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (4.3)

EPSS Score: 0.11%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-3198
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the...
Description: The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (4.3)

EPSS Score: 0.11%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-3195
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a...
Description: A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
December 4th, 2024 (5 months ago)