CVE-2024-22938
Description: Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in the admin.class.php component.
CVSS: HIGH (7.8) EPSS Score: 0.02% SSVC Exploitation: poc
May 29th, 2025

CVE-2024-22859
Description: Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4 allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem.
CVSS: HIGH (8.8) EPSS Score: 1.48% SSVC Exploitation: none
May 29th, 2025

CVE-2024-21985
Description: ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via the REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS).
CVSS: HIGH (7.6) EPSS Score: 0.12% SSVC Exploitation: none
May 29th, 2025

CVE-2024-21649
Description: The vantage6 technology enables users to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.
CVSS: HIGH (8.8) EPSS Score: 3.6% SSVC Exploitation: none
May 29th, 2025

CVE-2024-21620
Description: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that, when visited by another user, enables the attacker to execute commands with the target's permissions, including those of an administrator.
A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.
This issue affects Juniper Networks Junos OS on SRX Series and EX Series:
* All versions earlier than 20.4R3-S10;
* 21.2 versions earlier than 21.2R3-S8;
* 21.4 versions earlier than 21.4R3-S6;
* 22.1 versions earlier than 22.1R3-S5;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S2;
* 22.4 versions earlier than 22.4R3-S1;
* 23.2 versions earlier than 23.2R2;
* 23.4 versions earlier than 23.4R2.
CVSS: HIGH (8.8) EPSS Score: 0.25% SSVC Exploitation: none
May 29th, 2025

CVE-2024-1117
Description: A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475.
CVSS: HIGH (7.3) EPSS Score: 0.06% SSVC Exploitation: none
May 29th, 2025

CVE-2024-1115
Description: A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252473 was assigned to this vulnerability.
CVSS: HIGH (7.3) EPSS Score: 0.48% SSVC Exploitation: none
May 29th, 2025

CVE-2024-1112
Description: Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.
CVSS: HIGH (7.3) EPSS Score: 32.55% SSVC Exploitation: none
May 29th, 2025

CVE-2024-1085
Description: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability.
We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.
CVSS: HIGH (7.8) EPSS Score: 0.02% SSVC Exploitation: none
May 29th, 2025

CVE-2024-1069
Description: The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files to the affected site's server, which may make remote code execution possible.
CVSS: HIGH (7.2) EPSS Score: 2.46% SSVC Exploitation: none
May 29th, 2025