Threat and Vulnerability Intelligence Database

CVE-2023-49490

Description: XunRuiCMS v4.5.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin.php.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49462

Description: libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.

CVSS: LOW (0.0)

EPSS Score: 0.19%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49432

Description: Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.

CVSS: CRITICAL (9.8)

EPSS Score: 0.18%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49314

Description: Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49228

Description: An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49215

Description: Usedesk before 1.7.57 allows filter reflected XSS.

CVSS: MEDIUM (6.1)

EPSS Score: 0.06%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49046

Description: Stack overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.

CVSS: CRITICAL (9.8)

EPSS Score: 0.56%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48965

Description: An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to obtain a shell (getshell) by providing a crafted URL to download a malicious PHP file.

CVSS: HIGH (8.8)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48930

Description: xinhu xinhuoa 2.2.1 contains a file upload vulnerability.

CVSS: LOW (0.0)

EPSS Score: 0.13%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48912

Description: Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.

CVSS: HIGH (8.8)

EPSS Score: 0.1%

Source: CVE
November 27th, 2024 (5 months ago)