CVE-2023-34839 |
Description: A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a custom CSRF exploit targeting the create new user function in the application.
CVSS: LOW (0.0) EPSS Score: 0.17%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34838 |
Description: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script passed to the Description parameter.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34837 |
Description: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via the vulnerable GrpPath parameter.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34389 |
Description: An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS: MEDIUM (4.5) EPSS Score: 0.09%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34203 |
Description: In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 3rd, 2024 (5 months ago)
|
CVE-2023-34188 |
Description: The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests.
CVSS: LOW (0.0) EPSS Score: 0.16%
December 3rd, 2024 (5 months ago)
|
CVE-2023-3371 |
Description: The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to a hardcoded encryption key in the 'lock_content_form_handler' and 'display_password_form' functions in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password-protected content.
CVSS: MEDIUM (5.3) EPSS Score: 0.16%
December 3rd, 2024 (5 months ago)
|
CVE-2023-33083 |
Description: Memory corruption in WLAN Host while processing RRM beacon on the AP.
CVSS: CRITICAL (9.8) EPSS Score: 0.14%
December 3rd, 2024 (5 months ago)
|
CVE-2023-33053 |
Description: Memory corruption in Kernel while parsing metadata.
CVSS: HIGH (8.4) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
CVE-2023-32869 |
Description: In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363632; Issue ID: ALPS07363689.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|