Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-26615
Description: D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.

CVSS: LOW (0.0)

EPSS Score: 0.33%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-26613
Description: An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL.

CVSS: LOW (0.0)

EPSS Score: 0.67%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-26612
Description: D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.

CVSS: LOW (0.0)

EPSS Score: 0.27%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-26509
Description: AnyDesk 7.0.8 allows remote Denial of Service.

CVSS: LOW (0.0)

EPSS Score: 0.15%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-2628
KiviCare Management System < 3.2.1 - Multiple CSRF
Description: The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update various users (patients, doctors etc)

CVSS: LOW (0.0)

EPSS Score: 0.21%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-2624
KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting
Description: The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator

CVSS: LOW (0.0)

EPSS Score: 0.49%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-2623
KiviCare Management System < 3.2.1 - Subscriber+ Sensitive Information Disclosure
Description: The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-26134
Description: Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content.

CVSS: CRITICAL (9.8)

EPSS Score: 0.47%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-26085
Description: A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-2605
WP Brutal AI < 2.0.1 - Admin+ Reflected XSS
Description: The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.

CVSS: LOW (0.0)

EPSS Score: 0.19%

Source: CVE
November 28th, 2024 (6 months ago)