Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-31672 |
Description: In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.
CVSS: LOW (0.0) EPSS Score: 0.21%
December 13th, 2024 (5 months ago)
|
|
CVE-2023-30759 |
Description: The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (5 months ago)
|
|
CVE-2023-30453 |
The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.
Description: The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 13th, 2024 (5 months ago)
|
|
CVE-2023-29711 |
Description: An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request.
CVSS: LOW (0.0) EPSS Score: 0.43%
December 13th, 2024 (5 months ago)
|
|
CVE-2023-2899 |
Description: The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
CVSS: LOW (0.0) EPSS Score: 0.05%
December 13th, 2024 (5 months ago)
|
|
CVE-2023-28810 |
Description: Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 13th, 2024 (5 months ago)
|
|
CVE-2023-2847 |
Description:
During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges.
ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 13th, 2024 (5 months ago)
|
|
CVE-2023-28424 |
Description: Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries.
CVSS: CRITICAL (9.1) EPSS Score: 0.49%
December 13th, 2024 (5 months ago)
|
|
CVE-2023-2779 |
Description: The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS: LOW (0.0) EPSS Score: 0.42%
December 13th, 2024 (5 months ago)
|
|
CVE-2023-2719 |
Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 13th, 2024 (5 months ago)
|