Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-23570
Description: Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.

CVSS: MEDIUM (5.4)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-23432
Description: Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-23424
Description: Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution

CVSS: MEDIUM (6.5)

EPSS Score: 0.25%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2326
Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF
Description: The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-23163
Description: Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.

CVSS: LOW (0.0)

EPSS Score: 0.8%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-22939
SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
Description: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.

CVSS: HIGH (8.1)

EPSS Score: 0.22%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-22796
Description: A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.

CVSS: LOW (0.0)

EPSS Score: 0.16%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2232
Description: An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix

CVSS: MEDIUM (6.5)

EPSS Score: 0.12%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2178
Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS
Description: The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (0.0)

EPSS Score: 0.11%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-21226
Description: In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240728187References: N/A

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (5 months ago)