Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-37301	Description: An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-37300	Description: An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-37299	Description: Joplin before 2.11.5 allows XSS via an AREA element of an image map. CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-37298	Description: Joplin before 2.11.5 allows XSS via a USE element in an SVG document. CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-37254	Description: An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-36749	Description: A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. CVSS: HIGH (7.4) EPSS Score: 0.11% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-36748	Description: A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device. CVSS: MEDIUM (5.9) EPSS Score: 0.11% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-36632	Description: The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. CVSS: LOW (0.0) EPSS Score: 0.19% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-36630	Description: In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. CVSS: LOW (0.0) EPSS Score: 0.14% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-36612	Description: Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses (containing sensitive information) to third-party applications by using a custom-crafted deeplink scheme. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE November 28th, 2024 (5 months ago)