Threat and Vulnerability Intelligence Database

CVE-2023-47321

Description: Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-47271

Description: PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-47262

Description: The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Direct physical access is required to exploit.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-46919

Description: Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. An attacker with physical access to the application's source code or binary can extract this key and use it to decrypt the TLS secret.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-46887

Description: In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.

CVSS: HIGH (7.5)

EPSS Score: 0.2%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-46499

Description: Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted script to the Admin Panel.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-46387

Description: LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via the dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration.

CVSS: LOW (0.0)

EPSS Score: 0.44%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-46381

Description: LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.

CVSS: LOW (0.0)

EPSS Score: 0.14%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-46353

Description: In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.

CVSS: CRITICAL (9.8)

EPSS Score: 0.14%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2023-46349

Description: In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.

CVSS: CRITICAL (9.8)

EPSS Score: 0.14%

Source: CVE
November 27th, 2024 (5 months ago)