Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-28461 |
Description: Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
CVSS: LOW (0.0) EPSS Score: 35.59%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-28364 |
Description: An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.
CVSS: LOW (0.0) EPSS Score: 0.08%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-23756 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.
CVSS: LOW (0.0) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-23325 |
|
|
CVE-2023-2320 |
Description: The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS: LOW (0.0) EPSS Score: 0.07%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-22814 |
Description: An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack.
This issue affects My Cloud OS 5 devices: before 5.26.202.
CVSS: CRITICAL (10.0) EPSS Score: 0.28%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-21640 |
Description: Memory corruption in Linux when the file upload API is called with parameters having large buffer.
CVSS: MEDIUM (6.7) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-2142 |
Description: In Nunjucks versions prior to version 3.2.4, it was
possible to bypass the restrictions which are provided by the autoescape
functionality. If there are two user-controlled parameters on the same
line used in the views, it was possible to inject cross site scripting
payloads using the backslash \ character.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-20760 |
Description: In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-20125 |
Description: A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition.
This vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly until the Cisco BroadWorks Network Server becomes unusable.
Note: To recover from this vulnerability, either Cisco BroadWorks Network Server software must be restarted or the Cisco BroadWorks Network Server node must be rebooted. For more information, see the section of this advisory.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVSS: HIGH (8.6) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|