CVE-2024-54135 |
Description: ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are affected by a PHP deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. User input is supplied to this function without sanitization via the collection GET parameter and the photoIDS POST parameter, respectively. The decode_key function, defined in upload/includes/classes/photos.class.php, invokes the PHP unserialize function. As a result, an adversary can inject a maliciously crafted PHP serialized object and use gadget chains to cause unexpected behavior in the application. This vulnerability is fixed in 5.5.1 Revision 200.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-53810 |
Description: Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Simple User Registration: from n/a through 5.5.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-52335 |
Description: A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application does not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application to execute malicious SQL commands and compromise the whole database.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 7th, 2024 (4 months ago)
|
CVE-2024-52324 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x use an inherently dangerous function, which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 7th, 2024 (4 months ago)
|
CVE-2024-52320 |
Description: The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-51815 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection. This issue affects s2Member Pro: from n/a through 241114.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-51615 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection. This issue affects WordPress Auction Plugin: from n/a through 3.7.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-50389 |
Description: A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.5.032 and later
CVSS: CRITICAL (9.5) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-50388 |
Description: An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 25.1.1.673 and later
CVSS: CRITICAL (9.5) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-50387 |
Description: A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.
We have already fixed the vulnerability in the following version:
SMB Service 4.15.002 and later
SMB Service h4.15.002 and later
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|