Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-3063 |
Description: The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.
CVSS: HIGH (8.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-29487 |
Description: An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue.
CVSS: LOW (0.0) EPSS Score: 0.06%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-29241 |
|
|
CVE-2023-29147 |
Description: In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-29145 |
Description: The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-28869 |
|
|
CVE-2023-28461 |
Description: Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
CVSS: LOW (0.0) EPSS Score: 35.59%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-28364 |
Description: An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.
CVSS: LOW (0.0) EPSS Score: 0.08%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-23756 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.
CVSS: LOW (0.0) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-23325 |
|