Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-22097 |
Description: A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 14th, 2025 (2 months ago)
|
|
CVE-2024-21812 |
Description: An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 14th, 2025 (2 months ago)
|
|
CVE-2024-21795 |
Description: A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 14th, 2025 (2 months ago)
|
|
CVE-2024-21785 |
Description: A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
February 14th, 2025 (2 months ago)
|
|
CVE-2024-2044 |
Description: pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
CVSS: CRITICAL (9.9) EPSS Score: 0.16%
February 14th, 2025 (2 months ago)
|
|
CVE-2024-20419 |
Description: A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.
CVSS: CRITICAL (10.0) EPSS Score: 0.34%
February 14th, 2025 (2 months ago)
|
|
CVE-2024-1874 |
Description: In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
CVSS: CRITICAL (9.4) EPSS Score: 0.04%
February 14th, 2025 (2 months ago)
|
|
CVE-2024-1597 |
Description: pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.
CVSS: CRITICAL (10.0) EPSS Score: 0.28%
February 14th, 2025 (2 months ago)
|
|
CVE-2024-13182 |
Description: The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_parse_request' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
February 14th, 2025 (2 months ago)
|
|
CVE-2024-10763 |
Description: The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
February 14th, 2025 (2 months ago)
|