Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-34738
Description: Chemex through 3.7.1 is vulnerable to arbitrary file upload.

CVSS: LOW (0.0)

EPSS Score: 0.3%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-34735
Description: Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection.

CVSS: LOW (0.0)

EPSS Score: 0.21%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-34734
Description: Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS) .

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-34658
Description: Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-34656
Description: An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru 4.1 allows attackers to gain escalated privileges.

CVSS: LOW (0.0)

EPSS Score: 0.1%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-34652
Description: PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-34651
Description: PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-34650
Description: PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-34254
Remote inventory task command injection when using ssh command mode
Description: The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.

CVSS: HIGH (7.7)

EPSS Score: 0.19%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-34240
Weak passwords allowed in cloudexplorer-lite
Description: Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: MEDIUM (6.5)

EPSS Score: 0.14%

Source: CVE
November 28th, 2024 (5 months ago)