Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-52481 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-36466 |
Description: A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.
CVSS: HIGH (8.8) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-22038 |
Description: Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.
CVSS: HIGH (7.3) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-11969 |
Description: The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).
CVSS: HIGH (8.8) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-11960 |
Description: A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In D-Link DIR-605L 2.13B01 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formSetPortTr der Datei /goform/formSetPortTr. Dank Manipulation des Arguments curTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.7) EPSS Score: 0.15%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-11620 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows Code Injection.This issue affects Rank Math SEO: from n/a through 1.0.231.
CVSS: HIGH (7.2) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-11599 |
Description: Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration.
CVSS: HIGH (8.2) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-53860 |
Description: sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to use your server to send spam, phishing emails, or other malicious content, potentially damaging your domain's reputation and leading to blacklisting by email providers. Patched in version 1.0.0 by removing user-provided content from confirmation emails. All pre-release versions (alpha and beta) are vulnerable to this issue and should not be used. There are no workarounds for this issue. Users must upgrade to version 1.0.0 to mitigate the vulnerability.
CVSS: HIGH (8.6) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
|
CVE-2024-52323 |
Description: Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.
CVSS: HIGH (8.1) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
|
CVE-2024-47181 |
Description: Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|