CVE-2023-30490 |
Description: Missing Authorization vulnerability in Matthew Ruddy Easing Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easing Slider: from n/a through 3.0.8.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
CVE-2023-25988 |
Description: Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Video Gallery – YouTube Gallery: from n/a through 1.7.6.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
CVE-2024-8233 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
|
CVE-2024-55888 |
Description: Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the production server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
|
CVE-2024-55663 |
Description: XWiki Platform is a generic wiki platform. Starting in version 11.10.6 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocument.vm`, the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on the database backend used, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This has been patched in 13.10.5 and 14.3-rc-1. There is no known workaround, other than upgrading XWiki.
CVSS: HIGH (8.6) EPSS Score: 0.07%
December 13th, 2024 (4 months ago)
|
CVE-2024-55633 |
Description: Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is incorrectly identified as a read-only query, enabling its execution. Non-Postgres analytics database connections and Postgres analytics database connections set with a read-only user (advised) are not vulnerable.
This issue affects Apache Superset: before 4.1.0.
Users are recommended to upgrade to version 4.1.0, which fixes the issue.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
|
CVE-2024-54107 |
Description: Read/Write vulnerability in the image decoding module
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS: HIGH (7.1) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
|
CVE-2024-54106 |
Description: Null pointer dereference vulnerability in the image decoding module
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS: HIGH (7.1) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
|
CVE-2024-54098 |
Description: Service logic error vulnerability in the system service module
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVSS: HIGH (8.5) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
|
CVE-2024-54097 |
Description: Security vulnerability in the HiView module
Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity.
CVSS: HIGH (7.3) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
|