CVE-2023-2686 |
Description: Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.
CVSS: CRITICAL (9.8) EPSS Score: 0.22%
December 13th, 2024 (4 months ago)
|
CVE-2024-55884 |
Description: In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial.
CVSS: CRITICAL (9.0) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-53677 |
Description: Flawed file upload logic vulnerability in Apache Struts.
This issue affects Apache Struts: from 2.0.0 before 6.4.0.
Users are recommended to upgrade to version 6.4.0, which fixes the issue.
You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067
CVSS: CRITICAL (9.5) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-50339 |
Description: GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue.
CVSS: CRITICAL (9.3) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-49112 |
Description: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-42448 |
Description: From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-11948 |
Description: GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 12th, 2024 (4 months ago)
|
CVE-2024-11737 |
Description: A CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality and integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2023-32753 |
Description: OMICARD EDM’s file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2023-32752 |
Description: L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|