Threat and Vulnerability Intelligence Database

CVE-2023-49987

Description: A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2023-48010

Description: STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2023-39470

Description: PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965.

CVSS: HIGH (7.2)

EPSS Score: 0.28%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2023-37365

Description: Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2023-36675

Description: An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.

CVSS: LOW (0.0)

EPSS Score: 0.26%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2023-36666

Description: INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2023-36664

Description: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

CVSS: LOW (0.0)

EPSS Score: 0.12%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2023-36663

Description: it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.

CVSS: LOW (0.0)

EPSS Score: 0.13%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2023-36348

Description: POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.

CVSS: LOW (0.0)

EPSS Score: 1.64%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2023-36346

Description: POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.

CVSS: LOW (0.0)

EPSS Score: 1.02%

Source: CVE
December 6th, 2024 (6 months ago)