Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-31997 |
Description: UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-31543 |
|
|
CVE-2023-31492 |
|
|
CVE-2023-31293 |
Description: An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled.
CVSS: LOW (0.0) EPSS Score: 0.07%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-31222 |
Description: Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-3063 |
Description: The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.
CVSS: HIGH (8.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-29487 |
Description: An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue.
CVSS: LOW (0.0) EPSS Score: 0.06%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-29241 |
|
|
CVE-2023-29147 |
Description: In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-29145 |
Description: The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|