Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-8806 |
Description: Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24160.
CVSS: CRITICAL (9.8) EPSS Score: 0.12%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-52544 |
Description: An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-51378 |
🚨 Marked as known exploited on December 4th, 2024 (5 months ago).
Description: getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
CVSS: CRITICAL (10.0) EPSS Score: 23.11%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-11979 |
Description: DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-4662 |
Description: Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-3249 |
Description: The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 4th, 2024 (5 months ago)
|
|
CVE-2023-2278 |
Description: The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.34%
December 4th, 2024 (5 months ago)
|
|
CVE-2024-8785 |
Description: In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53990 |
Description: The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie being used for another user's requests.
CVSS: CRITICAL (9.2) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-52476 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/a through 1.5.3.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|