NVD disclosure day

Published threat advisories for December 21, 2023

CVE advisoryKnown Exploit

CVE-2023-7024

Chrome WebRTC Heap Corruption Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A heap buffer overflow in Google Chrome's WebRTC component allows remote attackers to exploit heap corruption via a crafted HTML page. This could impact systems by potentially compromising data and causing business disruption. Organizations should address this to mitigate risk.

NVD published: • CISA KEV
CVE advisoryCRITICAL

CVE-2023-6145

Softomi Marketplace Software allows attackers to steal customer data and take control.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical flaw in Softomi Marketplace Software lets attackers steal data and disrupt online stores. This issue demands immediate attention as it affects public-facing marketplaces and could expose sensitive customer information.

NVD published: