Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-12015 |
Description: The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route.
CVSS: HIGH (7.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-11700 |
Description: Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133.
CVSS: HIGH (8.1) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-10490 |
Description: An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions.
B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.
CVSS: HIGH (8.4) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-6245 |
Description: The Candid library causes a Denial of Service while
parsing a specially crafted payload with 'empty' data type. For example,
if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop.
Canisters using affected versions of candid
are exposed to denial of service by causing the decoding to run
indefinitely until the canister traps due to reaching maximum
instruction limit per execution round. Repeated exposure to the payload
will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.
CVSS: HIGH (7.5) EPSS Score: 0.08%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-6185 |
Description: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.
In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
CVSS: HIGH (8.3) EPSS Score: 0.27%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-6118 |
Description: Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal.This issue affects IP Camera: before b1130.1.0.1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-6033 |
Description: Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim's browser.
CVSS: HIGH (8.7) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-5986 |
Description:
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input
attackers can cause the software’s web application to redirect to the chosen domain after a
successful login is performed.
CVSS: HIGH (8.2) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-5444 |
Description:
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.
CVSS: HIGH (8.0) EPSS Score: 0.07%
December 3rd, 2024 (5 months ago)
|
|
CVE-2023-5247 |
Description: Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious code by having legitimate users open a specially crafted project file, which could result in information disclosure, tampering and deletion, or a denial-of-service (DoS) condition.
CVSS: HIGH (7.8) EPSS Score: 0.07%
December 3rd, 2024 (5 months ago)
|