Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-2624 |
Description: The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator
CVSS: LOW (0.0) EPSS Score: 0.49%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-2623 |
Description: The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users
CVSS: LOW (0.0) EPSS Score: 0.07%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-26134 |
Description: Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content.
CVSS: CRITICAL (9.8) EPSS Score: 0.47%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-26085 |
|
|
CVE-2023-2605 |
Description: The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.
CVSS: LOW (0.0) EPSS Score: 0.19%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-2601 |
Description: The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.
CVSS: LOW (0.0) EPSS Score: 0.7%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-2592 |
Description: The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVSS: LOW (0.0) EPSS Score: 0.09%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-25656 |
Description: notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is impacted. The problem has been patched in the release v1.0.0-rc.3. Some workarounds are available. Users can review their own trust policy file and check if the identity string contains `=#`. Meanwhile, users should only put trusted certificates in their trust stores referenced by their own trust policy files, and make sure the `authenticity` validation is set to `enforce`.
CVSS: HIGH (7.5) EPSS Score: 0.1%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-25652 |
Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.
CVSS: HIGH (7.5) EPSS Score: 0.58%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-25521 |
Description:
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|