Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-29145
Description: The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-28869
Description: Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-28461
Description: Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."

CVSS: LOW (0.0)

EPSS Score: 35.59%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-28364
Description: An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-23756
Extension - advcomsys.com - XSS in oneVote component for Joomla <= 1.7.0
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-23325
Description: Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter.

CVSS: CRITICAL (9.8)

EPSS Score: 0.13%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-2320
CF7 Google Sheets Connector < 5.0.2 - Reflected XSS
Description: The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-22814
Authentication Bypass issue in My Cloud OS 5 devices
Description: An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.

CVSS: CRITICAL (10.0)

EPSS Score: 0.28%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-21640
Buffer Copy Without Checking Size of Input in Linux
Description: Memory corruption in Linux when the file upload API is called with parameters having large buffer.

CVSS: MEDIUM (6.7)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-2142
Nunjucks autoescape bypass leads to cross site scripting
Description: In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash \ character.

CVSS: MEDIUM (6.1)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)