CVE-2024-49088 |
Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
December 14th, 2024 (4 months ago)
|
CVE-2024-49074 |
Description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
December 14th, 2024 (4 months ago)
|
CVE-2024-22461 |
Description: Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
CVE-2024-21544 |
Description: Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method.
An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server.
CVSS: HIGH (7.7) EPSS Score: 0.05%
December 14th, 2024 (4 months ago)
|
CVE-2024-12552 |
Description: Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25359.
CVSS: HIGH (7.0) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
CVE-2024-12212 |
Description: The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures, resulting in execution of arbitrary code.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
CVE-2024-11839 |
Description: Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS: HIGH (8.6) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
CVE-2024-11838 |
Description: External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint. This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS: HIGH (8.6) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
CVE-2024-11837 |
Description: Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection. This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS: HIGH (8.6) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
CVE-2024-11836 |
Description: Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources. This issue affects PlexTrac: from 1.61.3 before 2.8.1.
CVSS: HIGH (8.6) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|