CVE-2024-10495 |
Description: An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-10494 |
Description: An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-10256 |
Description: Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2023-6947 |
Description: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher, to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structure.
CVSS: HIGH (7.7) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2023-49831 |
Description: Missing Authorization vulnerability in Metagauss User Registration Forms RegistrationMagic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through 5.2.3.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2023-48286 |
Description: Missing Authorization vulnerability in Tips and Tricks HQ, wptipsntricks Stripe Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stripe Payments: from n/a through 2.0.79.
CVSS: HIGH (8.2) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2023-46231 |
Description: In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.
CVSS: HIGH (8.8) EPSS Score: 0.06%
December 11th, 2024 (4 months ago)
|
CVE-2023-46230 |
Description: In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.
CVSS: HIGH (8.2) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2023-46214 |
Description: In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
CVSS: HIGH (8.0) EPSS Score: 17.51%
December 11th, 2024 (4 months ago)
|
CVE-2023-4571 |
Description: In Splunk IT Service Intelligence (ITSI) versions below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed.
The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.
CVSS: HIGH (8.6) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|