Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-28387 |
Description: "NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-28073 |
Description:
Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.
CVSS: HIGH (8.2) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-28065 |
Description:
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
CVSS: MEDIUM (6.7) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-28026 |
Description:
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
CVSS: MEDIUM (5.1) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-27199 |
Description: PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-27082 |
Description: Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-26299 |
Description: A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-2625 |
Description: A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-25517 |
Description:
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2023-25307 |
Description: nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal.
CVSS: LOW (0.0) EPSS Score: 0.11%
December 5th, 2024 (5 months ago)
|