Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-21415
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-21414
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-21398
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-21331
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-21317
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-21308
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-21303
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.16%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-11205
WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation
Description: The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to refund payments and cancel subscriptions.

CVSS: HIGH (8.5)

EPSS Score: 0.07%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-10959
Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth
Description: The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-10496
Out of bounds read in BuildFontMap in fontmgr.cpp in NI LabVIEW
Description: An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)