Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-2834	Description: The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. CVSS: CRITICAL (9.8) EPSS Score: 0.05% Source: CVE November 27th, 2024 (5 months ago)
CVE-2024-53915	Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. CVSS: CRITICAL (9.8) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)
CVE-2024-53914	Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. CVSS: CRITICAL (9.8) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)
CVE-2024-53913	Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. CVSS: CRITICAL (9.8) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)
CVE-2024-53912	Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. CVSS: CRITICAL (9.8) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)
CVE-2024-53911	Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. CVSS: CRITICAL (9.8) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)
CVE-2024-53910	Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. CVSS: CRITICAL (9.8) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)
CVE-2024-53909	Description: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. CVSS: CRITICAL (9.8) EPSS Score: 0.07% Source: CVE November 27th, 2024 (5 months ago)
CVE-2024-52765	Description: H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. CVSS: CRITICAL (9.8) EPSS Score: 0.13% Source: CVE November 27th, 2024 (5 months ago)
CVE-2024-52677	Description: HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. CVSS: CRITICAL (9.8) EPSS Score: 0.09% Source: CVE November 27th, 2024 (5 months ago)