Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-25837 |
Description: There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high.
The impact to Confidentiality, Integrity and Availability are High.
CVSS: HIGH (8.4) EPSS Score: 0.06%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-25835 |
Description: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.
CVSS: HIGH (8.4) EPSS Score: 0.06%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-2563 |
Description: The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to delete forms created with this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.11%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-25584 |
Description: An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
EPSS Score: 0.06%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-2351 |
Description: The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.12%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-2290 |
Description: A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS: MEDIUM (6.4) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-2278 |
Description: The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.34%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-2277 |
Description: The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.15%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-2247 |
Description: In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function
CVSS: LOW (0.0) EPSS Score: 0.06%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-22078 |
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|