Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-46499	Description: Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-46387	Description: LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. CVSS: LOW (0.0) EPSS Score: 0.44% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-46381	Description: LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. CVSS: LOW (0.0) EPSS Score: 0.14% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-46353	Description: In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. CVSS: CRITICAL (9.8) EPSS Score: 0.14% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-46349	Description: In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. CVSS: CRITICAL (9.8) EPSS Score: 0.14% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-46157	Description: File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. CVSS: LOW (0.0) EPSS Score: 0.11% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-45311	Description: fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. NOTE: some sources feel that this means that no version is affected any longer, because the URL is not controlled by an adversary. CVSS: LOW (0.0) EPSS Score: 0.87% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-45253	Description: An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-43887	Description: Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. CVSS: HIGH (8.1) EPSS Score: 0.12% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-43454	Description: An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. CVSS: CRITICAL (9.8) EPSS Score: 0.32% Source: CVE November 27th, 2024 (5 months ago)