Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-2779
Super Socializer < 7.13.52 - Reflected XSS
Description: The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVSS: LOW (0.0)

EPSS Score: 0.42%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-2719
SupportCandy < 3.1.7 - Subscriber+ SQLi
Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-2686
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto...
Description: Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.

CVSS: CRITICAL (9.8)

EPSS Score: 0.22%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-25683
IBM PowerVM Hypervisor information disclosure
Description: IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.

CVSS: MEDIUM (5.9)

EPSS Score: 0.1%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-25645
There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application...
Description: There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-25366
In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.
Description: In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.

CVSS: LOW (0.0)

EPSS Score: 0.21%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-25188
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings...
Description: An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-25187
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change...
Description: An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.

CVSS: MEDIUM (6.3)

EPSS Score: 0.11%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-25185
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single...
Description: An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources.

CVSS: LOW (3.8)

EPSS Score: 0.04%

Source: CVE
December 13th, 2024 (5 months ago)

CVE-2023-2492
QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi
Description: The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

CVSS: LOW (0.0)

EPSS Score: 0.1%

Source: CVE
December 13th, 2024 (5 months ago)