Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-28810
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device...
Description: Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-2847
Local privilege escalation in ESET products for Linux and MacOS
Description: During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-28424
Soko SQL Injection vulnerability
Description: Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries.

CVSS: CRITICAL (9.1)

EPSS Score: 0.49%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-2779
Super Socializer < 7.13.52 - Reflected XSS
Description: The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVSS: LOW (0.0)

EPSS Score: 0.42%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-2719
SupportCandy < 3.1.7 - Subscriber+ SQLi
Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-2686
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto...
Description: Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.

CVSS: CRITICAL (9.8)

EPSS Score: 0.22%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-25683
IBM PowerVM Hypervisor information disclosure
Description: IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.

CVSS: MEDIUM (5.9)

EPSS Score: 0.1%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-25645
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application...
Description: There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-25366
In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.
Description: In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.

CVSS: LOW (0.0)

EPSS Score: 0.21%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-25188
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings...
Description: An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
December 13th, 2024 (5 months ago)