Threat and Vulnerability Intelligence Database

CVE-2023-48880

Description: A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.

CVSS: MEDIUM (4.8)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48861

Description: A DLL hijacking vulnerability in TTplayer version 7.0.2 allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48836

Description: Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

CVSS: MEDIUM (5.4)

EPSS Score: 0.07%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48812

Description: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, the result is a command execution vulnerability.

CVSS: CRITICAL (9.8)

EPSS Score: 1.3%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48801

Description: In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.

CVSS: CRITICAL (9.8)

EPSS Score: 1.31%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48656

Description: An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.

CVSS: LOW (0.0)

EPSS Score: 0.13%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48208

Description: A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.

CVSS: MEDIUM (6.1)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48198

Description: A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48176

Description: An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via a crafted JWT (JSON Web Token).

CVSS: CRITICAL (9.8)

EPSS Score: 0.29%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-48105

Description: A heap overflow vulnerability in Bytecode Alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.

CVSS: HIGH (7.5)

EPSS Score: 0.1%

Source: CVE
November 27th, 2024 (5 months ago)