Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-46349
Description: In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

CVSS: CRITICAL (9.8)

EPSS Score: 0.14%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-46157
Description: File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.

CVSS: LOW (0.0)

EPSS Score: 0.11%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-45311
Description: fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. NOTE: some sources feel that this means that no version is affected any longer, because the URL is not controlled by an adversary.

CVSS: LOW (0.0)

EPSS Score: 0.87%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-45253
Description: An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-43887
Description: Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.

CVSS: HIGH (8.1)

EPSS Score: 0.12%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-43454
Description: An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.

CVSS: CRITICAL (9.8)

EPSS Score: 0.32%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-43320
Description: An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.

CVSS: LOW (0.0)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-43298
Description: An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-42479
Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct
Description: An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.

CVSS: MEDIUM (6.1)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-42325
Description: Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.

CVSS: LOW (0.0)

EPSS Score: 4.04%

Source: CVE
November 27th, 2024 (5 months ago)