Threat and Vulnerability Intelligence Database

CVE-2023-28365

Description: A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2795

Description: The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2711

Description: The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-26966

Description: libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-26616

Description: D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.

CVSS: LOW (0.0)

EPSS Score: 0.27%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-26615

Description: D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.

CVSS: LOW (0.0)

EPSS Score: 0.33%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-26613

Description: An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.

CVSS: LOW (0.0)

EPSS Score: 0.67%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-26612

Description: D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.

CVSS: LOW (0.0)

EPSS Score: 0.27%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-26509

Description: AnyDesk 7.0.8 allows remote Denial of Service.

CVSS: LOW (0.0)

EPSS Score: 0.15%

Source: CVE
November 28th, 2024 (5 months ago)

CVE-2023-2628

Description: The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes, but is not limited to, deleting arbitrary appointments, medical records, etc., and creating or updating various users (patients, doctors, etc.).

CVSS: LOW (0.0)

EPSS Score: 0.21%

Source: CVE
November 28th, 2024 (5 months ago)