Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-48198	Description: A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies. CVSS: MEDIUM (5.4) EPSS Score: 0.05% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-48176	Description: An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token). CVSS: CRITICAL (9.8) EPSS Score: 0.29% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-48105	Description: An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. CVSS: HIGH (7.5) EPSS Score: 0.1% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-47573	Description: An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions. CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-47453	Description: An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-47364	Description: The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims CVSS: LOW (0.0) EPSS Score: 0.12% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-47350	Description: Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-47327	Description: The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. This function suffers from broken access control, allowing any authenticated user to create a space by navigating to the correct URL. CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-47321	Description: Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets. CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-47271	Description: PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)