CVE-2024-21334 |
Description: Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 1st, 2025 (5 months ago)
|
CVE-2024-21326 |
Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS: CRITICAL (9.6) EPSS Score: 0.05%
January 1st, 2025 (5 months ago)
|
CVE-2024-13061 |
Description: The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens of arbitrary users, which can then be used to log into the system.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 1st, 2025 (5 months ago)
|
CVE-2024-12108 |
Description: In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
CVSS: CRITICAL (9.6) EPSS Score: 0.07%
January 1st, 2025 (5 months ago)
|
CVE-2024-12106 |
Description: In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.
CVSS: CRITICAL (9.4) EPSS Score: 0.05%
January 1st, 2025 (5 months ago)
|
CVE-2024-0057 |
Description: .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
CVSS: CRITICAL (9.1) EPSS Score: 0.15%
January 1st, 2025 (5 months ago)
|
CVE-2024-56799 |
Description: Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 31st, 2024 (5 months ago)
|
CVE-2024-47926 |
Description: Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 31st, 2024 (5 months ago)
|
CVE-2024-47919 |
Description: Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 31st, 2024 (5 months ago)
|
CVE-2024-12828 |
Description: Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
December 31st, 2024 (5 months ago)
|