Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-50089
Description: A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.

CVSS: LOW (0.0)

EPSS Score: 0.42%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-50038
Description: There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49999
Description: Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.

CVSS: CRITICAL (9.8)

EPSS Score: 1.42%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49991
Description: Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49706
Description: Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal.

CVSS: LOW (0.0)

EPSS Score: 0.19%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49587
Command Injection vulnerability in SAP Solution Manager
Description: SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49490
Description: XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49462
Description: libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.

CVSS: LOW (0.0)

EPSS Score: 0.19%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49432
Description: Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.

CVSS: CRITICAL (9.8)

EPSS Score: 0.18%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49314
Description: Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)