7647 matches found

OSV
added 2024/05/24 1:15 p.m. | 2 views

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addcommandaction in actionvalue. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...

6.1 CVSS | 5.8 AI score | 0.00254 EPSS
Exploits 0 | References 1
NVD
added 2024/05/24 1:15 p.m. | 21 views

CVE-2023-49572

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupodbc in odbcdatasource, odbcuser and odbcpassword parameters. This vulnerability could allow an...

7.1 CVSS | 6.7 AI score | 0.00254 EPSS
Exploits 0 | References 1
NVD
added 2024/05/24 1:15 p.m. | 23 views

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addcommandaction in actionvalue. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...

7.1 CVSS | 6.7 AI score | 0.00254 EPSS
Exploits 0 | References 1
OSV
added 2024/05/24 1:15 p.m. | 6 views

CVE-2023-49572

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupodbc in odbcdatasource, odbcuser and odbcpassword parameters. This vulnerability could allow an...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 1
Vulnrichment
added 2024/05/24 12:40 p.m. | 12 views

CVE-2023-49575 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupsmtp in smtpserver, smtpuser, smtppassword an...

7.1 CVSS | 6.3 AI score | 0.00254 EPSS
Exploits 0 | References 1
CVE
added 2024/05/24 12:40 p.m. | 62 views

CVE-2023-49575

CVE-2023-49575 affects VX Search Enterprise (v10.2.14) and related Flexense products (Sync Breeze Enterprise Server 10.4.18, Disk Pulse Enterprise 10.4.18). A persistent XSS vulnerability exists via the /setup_smtp API endpoints, specifically in smtp_server, smtp_user, smtp_password, and smtp_ema...

7.1 CVSS | 6.3 AI score | 0.00254 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/05/24 12:40 p.m. | 26 views

CVE-2023-49575 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupsmtp in smtpserver, smtpuser, smtppassword an...

7.1 CVSS | 6.7 AI score | 0.00254 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/05/24 12:40 p.m. | 15 views

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addjob in jobname. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

7.1 CVSS | 6.2 AI score | 0.00254 EPSS
Exploits 0 | References 1
CVE
added 2024/05/24 12:40 p.m. | 55 views

CVE-2023-49574

VX Search Enterprise 10.2.14 is affected by a persistent XSS vulnerability affecting the /add_job API (job_name / add job parameter). Attackers could store malicious JavaScript payloads that execute when the page loads. Public sources confirm the vulnerability impact but do not provide exploitati...

7.1 CVSS | 6.7 AI score | 0.00254 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/05/24 12:40 p.m. | 14 views

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addjob in jobname. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

7.1 CVSS | 6.7 AI score | 0.00254 EPSS
Exploits 0 | References 1
CVE
added 2024/05/24 12:39 p.m. | 56 views

CVE-2023-49573

VX Search Enterprise 10.2.14 is affected by a persistent XSS in the API endpoint exposed via the /add_command_action (action_value) field. The issue allows storing malicious JavaScript payloads that execute when the page loads. The connected PT-2024-13752 entry corroborates an XSS via the /add co...

7.1 CVSS | 6.7 AI score | 0.00254 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2024/05/24 12:39 p.m. | 14 views

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addcommandaction in actionvalue. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...

7.1 CVSS | 6.2 AI score | 0.00254 EPSS
Exploits 0 | References 1
Cvelist
added 2024/05/24 12:39 p.m. | 20 views

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addcommandaction in actionvalue. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...

7.1 CVSS | 6.7 AI score | 0.00254 EPSS
Exploits 0 | References 1
Cvelist
added 2024/05/24 12:39 p.m. | 23 views

CVE-2023-49572 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupodbc in odbcdatasource, odbcuser and odbcpassword parameters. This vulnerability could allow an...

7.1 CVSS | 6.7 AI score | 0.00254 EPSS
Exploits 0 | References 1
CVE
added 2024/05/24 12:39 p.m. | 62 views

CVE-2023-49572

CVE-2023-49572 corresponds to a persistent XSS vulnerability in VX Search Enterprise (v10.2.14) and Disk Pulse Enterprise (v10.4.18) exploitable via /setup_odbc parameters odbc_data_source, odbc_user and odbc_password. The issue allows an attacker to store and trigger malicious JavaScript payload...

7.1 CVSS | 6.3 AI score | 0.00254 EPSS
Exploits 0 | References 1 | Affected Software 1
Microsoft Secure
added 2024/05/23 1:0 p.m. | 11 views

Cyber Signals: Inside the growing risk of gift card fraud

In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank...

7.5 AI score
Exploits 0
Github Security Blog
added 2024/05/21 8:42 p.m. | 6 views

Shopware Non-Persistent XSS in the Frontend

A non-persistent Cross-Site Scripting (XSS) vulnerability has been identified in the Shopware eCommerce platform within the frontend. This vulnerability may allow an attacker to inject and execute malicious scripts in the context of a victim's web browser...

5.9 AI score
Exploits 0 | References 5 | Affected Software 1
The Hacker News
added 2024/05/21 1:7 p.m. | 12 views

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered infrastructure, which consis...

6.7 AI score
Exploits 0
hivepro
added 2024/05/20 1:2 p.m. | 20 views

DarkGate Malware: Persistent Threat in Active Distribution

...

7.3 AI score
Exploits 0
OSV
added 2024/05/17 2:15 p.m. | 1 view

DEBIAN-CVE-2024-35836

In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed other kernel module instance of the same PCI device have had kept the reference to that pin, and kernel...

5.5 CVSS | 5.9 AI score | 0.00191 EPSS
Exploits 0 | References 1