CVE-2023-34968 |
Description: A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.
EPSS Score: 0.33%
December 7th, 2024 (6 months ago)
|
CVE-2023-34939 |
Description: Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.
CVSS: LOW (0.0) EPSS Score: 1.53%
December 7th, 2024 (6 months ago)
|
CVE-2023-34553 |
Description: An issue discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via a code replay attack.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
CVE-2023-34110 |
Description: Flask-AppBuilder is an application development framework built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add or edit User forms, trigger a database error that is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row, including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.
CVSS: LOW (2.7) EPSS Score: 0.08%
December 7th, 2024 (6 months ago)
|
CVE-2023-33869 |
Description: Enphase Envoy version D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.
CVSS: MEDIUM (6.3) EPSS Score: 0.16%
December 7th, 2024 (6 months ago)
|
CVE-2023-33725 |
Description: Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) were discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 7th, 2024 (6 months ago)
|
CVE-2023-33591 |
Description: User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.
CVSS: LOW (0.0) EPSS Score: 0.08%
December 7th, 2024 (6 months ago)
|
CVE-2023-3347 |
Description: A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.
EPSS Score: 0.1%
December 7th, 2024 (6 months ago)
|
CVE-2023-33405 |
Description: Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
CVSS: LOW (0.0) EPSS Score: 0.13%
December 7th, 2024 (6 months ago)
|
CVE-2023-33387 |
Description: A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 7th, 2024 (6 months ago)
|