Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-33277 |
|
|
CVE-2023-3311 |
Description: A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807. Es wurde eine problematische Schwachstelle in PuneethReddyHC online-shopping-system-advanced 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei addsuppliers.php. Durch Manipulation des Arguments First name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.4) EPSS Score: 0.08%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-32728 |
Description: The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
CVSS: MEDIUM (4.6) EPSS Score: 0.24%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-32623 |
|
|
CVE-2023-32612 |
Description: Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.
CVSS: LOW (0.0) EPSS Score: 0.1%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-32224 |
Description: D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-32223 |
Description: D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method.
CVSS: HIGH (8.8) EPSS Score: 0.1%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-32222 |
Description: D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
CVSS: CRITICAL (9.8) EPSS Score: 0.16%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-3197 |
Description: The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-31936 |
|