Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-36097 |
Description: funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.
CVSS: LOW (0.0) EPSS Score: 0.3%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-36093 |
Description: There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3
CVSS: LOW (0.0) EPSS Score: 0.05%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-35800 |
Description: Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-35799 |
Description: Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-35690 |
Description: In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: LOW (0.0) EPSS Score: 0.12%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-34839 |
Description: A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.
CVSS: LOW (0.0) EPSS Score: 0.17%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-34838 |
Description: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-34837 |
Description: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-34389 |
Description: An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time.
See product Instruction Manual Appendix A dated 20230830 for more details.
CVSS: MEDIUM (4.5) EPSS Score: 0.09%
December 3rd, 2024 (6 months ago)
|
|
CVE-2023-34203 |
Description: In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 3rd, 2024 (6 months ago)
|