Threat and Vulnerability Intelligence Database

CVE-2023-36475

Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.

CVSS: CRITICAL (9.8)

EPSS Score: 14.4%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-36377

Description: Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via crafted .exe, .sys, and .dll files.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-36347

Description: A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.

CVSS: LOW (0.0)

EPSS Score: 6.43%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-36291

Description: Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file.

CVSS: LOW (0.0)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-36146

Description: A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.

CVSS: LOW (0.0)

EPSS Score: 0.07%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-36144

Description: An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.

CVSS: LOW (0.0)

EPSS Score: 6.89%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-36143

Description: Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device.

CVSS: LOW (0.0)

EPSS Score: 0.24%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-35932

Description: jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is, for instance, shell code execution from the configuration file values. This vulnerability does not currently have a fix.

CVSS: HIGH (7.1)

EPSS Score: 0.14%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-35925

Description: FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and execute any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.

CVSS: MEDIUM (6.2)

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-35830

Description: STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS.

CVSS: LOW (0.0)

EPSS Score: 0.96%

Source: CVE
November 28th, 2024 (6 months ago)