CVE-2024-48874
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 7th, 2024

CVE-2024-48871
Description: The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request whose input size the webserver fails to properly check before copying data to the stack, potentially allowing remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 7th, 2024

CVE-2024-47547
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords, which leaves authentication vulnerable to brute force attacks.
CVSS: CRITICAL (9.4) EPSS Score: 0.09%
December 7th, 2024

CVE-2024-12155
Description: The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 7th, 2024

CVE-2024-10773
Description: The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
December 7th, 2024

CVE-2023-35166
Description: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the rights of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.
CVSS: CRITICAL (10.0) EPSS Score: 0.3%
December 7th, 2024

CVE-2023-3128
Description: Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
CVSS: CRITICAL (9.4) EPSS Score: 0.22%
December 7th, 2024

CVE-2023-0972
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
CVSS: CRITICAL (9.6) EPSS Score: 0.07%
December 7th, 2024

CVE-2023-0971
Description: A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.
CVSS: CRITICAL (9.6) EPSS Score: 0.07%
December 7th, 2024

CVE-2024-6516
Description: Cross-Site Scripting vulnerabilities were found, providing a potential for malicious scripts to be injected into a client browser.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 6th, 2024