CVE-2024-52959 |
Description: An Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
CVE-2024-52958 |
Description: An improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via the upload plugin function.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
CVE-2024-42330 |
Description: The HttpRequest object allows retrieving the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This makes it possible to create internal strings that can be used to access hidden properties of objects.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
CVE-2024-42327 |
Description: A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function; this function is called from the CUser.get function, which is available to every user who has API access.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
CVE-2023-6190 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023.
CVSS: CRITICAL (9.8) EPSS Score: 0.17%
November 28th, 2024 (5 months ago)
|
CVE-2023-6013 |
Description: H2O is vulnerable to a stored XSS vulnerability, which can lead to a Local File Include attack.
CVSS: CRITICAL (9.3) EPSS Score: 0.05%
November 28th, 2024 (5 months ago)
|
CVE-2023-5010 |
Description: Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
CVE-2023-48718 |
Description: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
CVE-2023-46217 |
|
CVE-2023-45120 |
Description: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.
CVSS: CRITICAL (9.8) EPSS Score: 0.08%
November 28th, 2024 (5 months ago)
|