Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-25433
Description: libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-25304
Description: An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file.

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2482
Responsive CSS EDITOR <= 1.0 - Admin+ SQLi
Description: The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.

CVSS: LOW (0.0)

EPSS Score: 0.1%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-24734
Description: An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file.

CVSS: LOW (0.0)

EPSS Score: 0.4%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-23570
Description: Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.

CVSS: MEDIUM (5.4)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-23432
Description: Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-23424
Description: Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution

CVSS: MEDIUM (6.5)

EPSS Score: 0.25%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2326
Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF
Description: The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-23163
Description: Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.

CVSS: LOW (0.0)

EPSS Score: 0.8%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-22939
SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
Description: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.

CVSS: HIGH (8.1)

EPSS Score: 0.22%

Source: CVE
November 28th, 2024 (5 months ago)