Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-1722
Yoga Class Registration System 1.0 - ATO
Description: Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.

CVSS: CRITICAL (9.1)

EPSS Score: 0.23%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-1721
Yoga Class Registration System 1.0 - RCE
Description: Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.

CVSS: CRITICAL (9.1)

EPSS Score: 0.21%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-1695
Description: Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-1166
USM Premium < 16.3 - Admin+ Stored XSS
Description: The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-0873
Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS
Description: The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-0588
Catalyst Connect Zoho CRM Client Portal < 2.1.0 - Reflected XSS
Description: The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-0003
Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
Description: A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

CVSS: MEDIUM (6.5)

EPSS Score: 0.12%

Source: CVE
November 28th, 2024 (5 months ago)
Microsoft re-releases Exchange updates after fixing mail delivery
Description: ​Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)
Hackers abuse popular Godot game engine to infect thousands of PCs
Description: ​Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)
Hackers exploit ProjectSend flaw to backdoor exposed servers
Description: Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)