Threat and Vulnerability Intelligence Database

CVE-2023-50475

Description: An issue in bcoin-org bcoin version 2.2.0 allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.

CVSS: LOW (0.0)

EPSS Score: 0.29%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-50470

Description: A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-50444

Description: By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.

CVSS: LOW (0.0)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-50101

Description: JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.

CVSS: LOW (0.0)

EPSS Score: 0.06%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-50089

Description: A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.

CVSS: LOW (0.0)

EPSS Score: 0.42%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-50038

Description: There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49999

Description: Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.

CVSS: CRITICAL (9.8)

EPSS Score: 1.42%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49991

Description: Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49706

Description: Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal.

CVSS: LOW (0.0)

EPSS Score: 0.19%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-49587

Description: SAP Solution Manager version 720 allows an authorized attacker to execute certain deprecated function modules, which can read or modify data of the same or other components without user interaction over the network.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)