CVE-2024-8496 |
Description: Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allow a local authenticated attacker to achieve local privilege escalation.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-55659 |
Description: SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in SiYuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-55658 |
Description: SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/export/exportResources` endpoint is vulnerable to arbitrary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-55657 |
Description: SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in SiYuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-53292 |
Description: Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.
CVSS: HIGH (7.2) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-53290 |
Description: Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to command execution.
CVSS: HIGH (8.4) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-53289 |
Description: Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-49138 |
🚨 Marked as known exploited on December 10th, 2024 (4 months ago).
Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-49128 |
Description: Windows Remote Desktop Services Remote Code Execution Vulnerability
CVSS: HIGH (8.1) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-49126 |
Description: Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
CVSS: HIGH (8.1) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|