Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-42479	Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct Description: An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information. CVSS: MEDIUM (6.1) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-42325	Description: Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. CVSS: LOW (0.0) EPSS Score: 4.04% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-42189	Description: Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. CVSS: LOW (0.0) EPSS Score: 0.47% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-41621	Description: A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-41618	Description: Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-41171	Description: NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-41166	Description: An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-41118	Description: An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete. CVSS: LOW (0.0) EPSS Score: 0.09% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-38857	Description: Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. CVSS: LOW (0.0) EPSS Score: 0.11% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-38710	Description: An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)