CVE-2024-12571 |
Description: The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 21st, 2024 (4 months ago)
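Added example, not code from the page or from the plugin: a Python script that scans access-log lines for requests whose `sl_engine` query parameter carries local-file-inclusion indicators (traversal, PHP stream wrappers, double encoding), beside the allow-list lookup that removes this bug class on the server side. The engine names and include paths in `ENGINE_FILES` are placeholders (the plugin's real values are not on the page) and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical allow-list: engine name -> fixed include path. The real plugin's
# valid values are not on the page; these two names are placeholders.
ENGINE_FILES = {
    "google": "engines/google.php",
    "default": "engines/default.php",
}


def resolve_engine_file(engine):
    """Hardened lookup: user input is only ever a dictionary key, never part of a path."""
    return ENGINE_FILES.get(engine)


# Indicators of a local file inclusion attempt in a single parameter value.
LFI_INDICATORS = [
    ("traversal", re.compile(r"\.\./|\.\.\\")),
    ("absolute-path", re.compile(r"^/etc/|/proc/self/")),
    ("stream-wrapper", re.compile(r"^(php|data|phar|expect|file|zip)://", re.I)),
    ("null-byte", re.compile(r"%00|\x00")),
    ("sensitive-file", re.compile(r"wp-config\.php", re.I)),
]

# Common/combined log format prefix; only the fields the scanner needs are captured.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def classify_value(raw):
    """Return (decoded value, list of indicator labels) for one parameter value.

    parse_qs has already percent-decoded once; decoding a second time catches
    double-encoded payloads such as %252e%252e%2f.
    """
    value = unquote(raw)
    reasons = [label for label, pat in LFI_INDICATORS if pat.search(value)]
    # Anything outside the allow-list is at least worth a look, even if no
    # pattern fired, because the fixed code would reject it anyway.
    if not reasons and resolve_engine_file(value) is None:
        reasons.append("not-in-allow-list")
    return value, reasons


def scan_access_log(lines, param="sl_engine"):
    """Return one record per request whose `param` value is suspicious."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        for raw in query.get(param, []):
            value, reasons = classify_value(raw)
            if reasons:
                hits.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "status": int(m.group("status")),
                    "value": value,
                    "reasons": reasons,
                })
    return hits


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [21/Dec/2024:10:00:01 +0000] "GET /?sl_engine=google HTTP/1.1" 200 512',
    '203.0.113.11 - - [21/Dec/2024:10:00:02 +0000] "GET /?sl_engine=../../../../etc/passwd HTTP/1.1" 200 1200',
    '203.0.113.12 - - [21/Dec/2024:10:00:03 +0000] "GET /?sl_engine=php://filter/convert.base64-encode/resource=wp-config.php HTTP/1.1" 200 3000',
    '203.0.113.13 - - [21/Dec/2024:10:00:04 +0000] "GET /?sl_engine=%252e%252e%2f%252e%252e%2fwp-config.php HTTP/1.1" 200 900',
    '203.0.113.14 - - [21/Dec/2024:10:00:05 +0000] "GET /?sl_engine=bing HTTP/1.1" 200 512',
    '203.0.113.15 - - [21/Dec/2024:10:00:06 +0000] "GET /?page_id=2 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["value"], ",".join(hit["reasons"]))
```

A 200 response to a traversal or `php://filter` value is a stronger signal than a 404, so triage hits by status first; the `not-in-allow-list` bucket is noisy on its own and mainly useful for confirming that the hardened lookup would have rejected the request.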
|
CVE-2024-11984 |
Description: An unrestricted upload of file with dangerous type vulnerability in the epaper draft function of Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and execute arbitrary system commands with SYSTEM privileges via a crafted ZIP file.
CVSS: CRITICAL (9.4) EPSS Score: 0.04%
December 21st, 2024 (4 months ago)
|
CVE-2023-34990 |
Description: A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests.
CVSS: CRITICAL (9.6) EPSS Score: 0.04%
December 21st, 2024 (4 months ago)
|
CVE-2024-56145 |
Description: CVE-2024-56145: Craft CMS Exploitation Tool
CVSS: CRITICAL (9.3) EPSS Score: 0.15%
December 20th, 2024 (4 months ago)
|
CVE-2024-12356 |
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that
CVSS: CRITICAL (9.8) EPSS Score: 1.3%
December 20th, 2024 (4 months ago)
|
CVE-2024-12626 |
Description: The AutomatorWP plugin for WordPress (Automator plugin for no-code automations, webhooks & custom integrations) is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. When used in conjunction with the plugin's import and code action feature, this vulnerability can be leveraged to execute arbitrary code.
CVSS: CRITICAL (9.6) EPSS Score: 0.09%
December 20th, 2024 (4 months ago)
|
CVE-2024-10244 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 20th, 2024 (4 months ago)
|
CVE-2023-4617 |
Description: Incorrect authorization vulnerability in the HTTP POST method in the Govee Home application on Android and iOS allows a remote attacker to control devices owned by other users by changing the "device", "sku" and "type" fields' values.
This issue affects Govee Home applications on Android and iOS in versions before 5.9.
CVSS: CRITICAL (10.0) EPSS Score: 0.05%
December 20th, 2024 (4 months ago)
|
CVE-2024-53677 |
Description: A newly discovered vulnerability, CVE-2024-53677, in the aging Apache Struts framework is going to cause major headaches for IT teams, since patching alone isn't enough to fix it: applications must also be migrated to the framework's new file upload mechanism.
CVSS: CRITICAL (9.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-12356 |
Description: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.
CVSS: CRITICAL (9.8) EPSS Score: 1.3%
December 19th, 2024 (4 months ago)
|