CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database


CVE-2023-28386

Description: Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.

CVSS: HIGH (8.6)

EPSS Score: 0.39%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2023-28168

Description: Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Console: from n/a through 0.3.9.

CVSS: LOW (3.7)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2023-28165

Description: Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2023-2812

Description: The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2023-2805

Description: The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2023-27626

Description: Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Ticker: from n/a through 3.23.0.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2023-27625

Description: Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Reviews: from n/a through 6.5.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2023-27454

Description: Missing Authorization vulnerability in Apollo13Themes Rife Elementor Extensions & Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rife Elementor Extensions & Templates: from n/a through 1.1.10.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2023-27449

Description: Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total Poll Lite: from n/a through 4.8.6.

CVSS: MEDIUM (6.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2023-27428

Description: Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP users media: from n/a through 4.2.3.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)