Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-41618
Description: Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-41171
Description: NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4).

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-41166
Description: An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-41118
Description: An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-38857
Description: Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.

CVSS: LOW (0.0)

EPSS Score: 0.11%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-38710
Description: An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-38324
Description: An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.

CVSS: LOW (0.0)

EPSS Score: 0.12%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-37360
Description: pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

CVSS: MEDIUM (5.9)

EPSS Score: 0.07%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-37305
Description: An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-37304
Description: An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)