CVE-2024-49147 |
Description: Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
CVSS: CRITICAL (9.3) EPSS Score: 0.21%
December 19th, 2024 (4 months ago)
|
CVE-2024-47040 |
Description: There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-47039 |
Description: In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-47038 |
Description: In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-12373 |
Description: A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-12372 |
Description: A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-12371 |
Description: A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-12287 |
Description: The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, such as administrators, granted they have access to an email.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 19th, 2024 (4 months ago)
|
CVE-2021-40407 |
Description: Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality.
CVSS: CRITICAL (9.1)
December 18th, 2024 (4 months ago)
|
CVE-2024-54143 |
Description: A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages.
The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 18th, 2024 (4 months ago)
|