CVE-2024-0232
Description: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
EPSS Score: 0.04%
November 28th, 2024 (5 months ago)

CVE-2024-0217
Description: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
EPSS Score: 0.08%
November 28th, 2024 (5 months ago)

CVE-2023-6832
Description: Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVSS: MEDIUM (6.0) EPSS Score: 0.05%
November 28th, 2024 (5 months ago)

CVE-2023-6804
Description: Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in versions 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
November 28th, 2024 (5 months ago)

CVE-2023-6784
Description: A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
CVSS: MEDIUM (4.7) EPSS Score: 0.08%
November 28th, 2024 (5 months ago)

CVE-2023-6190
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023.
CVSS: CRITICAL (9.8) EPSS Score: 0.17%
November 28th, 2024 (5 months ago)

CVE-2023-6021
Description: LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
CVSS: HIGH (7.5) EPSS Score: 0.6%
November 28th, 2024 (5 months ago)

CVE-2023-6013
Description: H2O is vulnerable to a stored XSS vulnerability that can lead to a Local File Include attack.
CVSS: CRITICAL (9.3) EPSS Score: 0.05%
November 28th, 2024 (5 months ago)

CVE-2023-5961
Description: A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.
CVSS: HIGH (8.8) EPSS Score: 0.07%
November 28th, 2024 (5 months ago)

CVE-2023-52082
Description: Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vulnerable to an SQL injection on any binding when using mysql/mariadb. This injection is only active for users with the `.env` settings set to DB_LOG_SQL=true and DB_LOG_SQL_EXPLAIN=true. The default settings of Lychee are safe. The patch is provided in version 5.0.2. To work around this issue, disable SQL EXPLAIN logging.
CVSS: HIGH (8.8) EPSS Score: 0.13%
November 28th, 2024 (5 months ago)