Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-49432	Description: Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. CVSS: CRITICAL (9.8) EPSS Score: 0.18% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-49314	Description: Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-49228	Description: An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-49215	Description: Usedesk before 1.7.57 allows filter reflected XSS. CVSS: MEDIUM (6.1) EPSS Score: 0.06% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-49046	Description: Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. CVSS: CRITICAL (9.8) EPSS Score: 0.56% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-48965	Description: An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. CVSS: HIGH (8.8) EPSS Score: 0.08% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-48930	Description: xinhu xinhuoa 2.2.1 contains a File upload vulnerability. CVSS: LOW (0.0) EPSS Score: 0.13% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-48912	Description: Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. CVSS: HIGH (8.8) EPSS Score: 0.1% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-48880	Description: A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. CVSS: MEDIUM (4.8) EPSS Score: 0.05% Source: CVE November 27th, 2024 (5 months ago)
CVE-2023-48861	Description: DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE November 27th, 2024 (5 months ago)