CVE-2023-31410 |
Description: A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.
CVSS: CRITICAL (9.8) EPSS Score: 0.07%
December 12th, 2024 (4 months ago)
|
CVE-2023-2907 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7; Login:1.4; API:20230605.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-55547 |
Description: SNMP objects in NET-SNMP used in ORing IAP-420 allow Command Injection. This issue affects IAP-420: through 2.01e.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-54152 |
Description: Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can achieve full arbitrary code execution on the system. The problem has been patched in version 1.4.3 of Angular Expressions. Two possible workarounds are available: either disable access to `__proto__` globally, or make sure that the function is used with just one argument.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-54032 |
Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVSS: CRITICAL (9.3) EPSS Score: 0.1%
December 11th, 2024 (4 months ago)
|
CVE-2024-47578 |
Description: Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-38182 |
Description: Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
CVSS: CRITICAL (9.0) EPSS Score: 0.13%
December 11th, 2024 (4 months ago)
|
CVE-2024-38164 |
Description: An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
CVSS: CRITICAL (9.6) EPSS Score: 0.28%
December 11th, 2024 (4 months ago)
|
CVE-2024-38124 |
Description: Windows Netlogon Elevation of Privilege Vulnerability
CVSS: CRITICAL (9.0) EPSS Score: 0.11%
December 11th, 2024 (4 months ago)
|
CVE-2024-38089 |
Description: Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVSS: CRITICAL (9.1) EPSS Score: 0.07%
December 11th, 2024 (4 months ago)
|