Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-11693 |
Description: The executable file warning was not presented when downloading .library-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11680 |
🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).
Description: ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
CVSS: CRITICAL (9.8) EPSS Score: 46.82%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11145 |
Description: Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11024 |
Description: The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-10961 |
Description: The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-10542 |
Description: The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-49999 |
|
|
CVE-2023-49432 |
|
|
CVE-2023-49046 |
|
|
CVE-2023-48812 |
Description: In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability.
CVSS: CRITICAL (9.8) EPSS Score: 1.3%
November 27th, 2024 (5 months ago)
|