Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-53335 |
|
|
CVE-2024-43462 |
Description: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: HIGH (8.8) EPSS Score: 0.15%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-43459 |
Description: SQL Server Native Client Remote Code Execution Vulnerability
CVSS: HIGH (8.8) EPSS Score: 0.15%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-43450 |
Description: Windows DNS Spoofing Vulnerability
CVSS: HIGH (7.5) EPSS Score: 0.13%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-43447 |
Description: Windows SMBv3 Server Remote Code Execution Vulnerability
CVSS: HIGH (8.1) EPSS Score: 0.16%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-33605 |
Description: Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: HIGH (7.5) EPSS Score: 0.09%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-32965 |
Description: Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header X-Lobe-Chat-Auth strored proxy address and OpenAI API Key, can be modified to scan an internal network in the target lobe-web environment. This issue has been addressed in release version 1.19.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (8.1) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-20308 |
Description: A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading.
This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic..
CVSS: HIGH (8.6) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11745 |
Description: A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in Tenda AC8 16.03.34.09 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion route_static_check der Datei /goform/SetStaticRouteCfg. Durch Beeinflussen des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.7) EPSS Score: 0.09%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11702 |
Description: Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
CVSS: HIGH (7.5) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|