Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-11634 |
Description: Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
CVSS: CRITICAL (9.1) EPSS Score: 0.06%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-11633 |
Description: Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
|
CVE-2023-36754 |
Description: A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
CVSS: CRITICAL (9.1) EPSS Score: 0.16%
December 11th, 2024 (4 months ago)
|
|
CVE-2023-36434 |
Description: Windows IIS Server Elevation of Privilege Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
|
CVE-2023-35349 |
Description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.22%
December 11th, 2024 (4 months ago)
|
|
CVE-2023-27992 |
Description: The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.
CVSS: CRITICAL (9.8) EPSS Score: 2.94%
December 11th, 2024 (4 months ago)
|
|
CVE-2024-54215 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Envato Security Team Revy.This issue affects Revy: from n/a through 1.18.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-53822 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-43222 |
Description: Missing Authorization vulnerability in Envato Security Team Sweet Date.This issue affects Sweet Date: from n/a through 3.7.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-5288 |
Description:
A remote unauthorized attacker may connect to the SIM1012, interact with the device and
change configuration settings. The adversary may also reset the SIM and in the worst case upload a
new firmware version to the device.
CVSS: CRITICAL (9.8) EPSS Score: 0.2%
December 10th, 2024 (4 months ago)
|