CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-25652	"git apply --reject" partially-controlled arbitrary file write Description: Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. CVSS: HIGH (7.5) EPSS Score: 0.58% Source: CVE November 28th, 2024 (7 months ago)
CVE-2023-25521	Description: NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. CVSS: HIGH (7.5) EPSS Score: 0.04% Source: CVE November 28th, 2024 (7 months ago)
CVE-2023-25433	Description: libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE November 28th, 2024 (7 months ago)
CVE-2023-25304	Description: An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file. CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE November 28th, 2024 (7 months ago)
CVE-2023-2482	Responsive CSS EDITOR <= 1.0 - Admin+ SQLi Description: The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. CVSS: LOW (0.0) EPSS Score: 0.1% Source: CVE November 28th, 2024 (7 months ago)
CVE-2023-24734	Description: An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. CVSS: LOW (0.0) EPSS Score: 0.4% Source: CVE November 28th, 2024 (7 months ago)
CVE-2023-23570	Description: Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. CVSS: MEDIUM (5.4) EPSS Score: 0.07% Source: CVE November 28th, 2024 (7 months ago)
CVE-2023-23432	Description: Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. CVSS: HIGH (7.3) EPSS Score: 0.04% Source: CVE November 28th, 2024 (7 months ago)
CVE-2023-23424	Description: Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution CVSS: MEDIUM (6.5) EPSS Score: 0.25% Source: CVE November 28th, 2024 (7 months ago)
CVE-2023-2326	Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF Description: The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack CVSS: LOW (0.0) EPSS Score: 0.07% Source: CVE November 28th, 2024 (7 months ago)