Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-10729 |
Description: The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_google_calendar_data' function in versions up to, and including, 6.9.0. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.
CVSS: HIGH (8.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-10570 |
Description: The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-10382 |
Description: There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to install a malicious application on victims device to be able to attack any application that uses vulnerable library. We recommend upgrading the library past version 1.7.0-beta02.
CVSS: HIGH (7.3) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-10344 |
Description: In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek.
CVSS: HIGH (8.7) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-48965 |
|
|
CVE-2023-48912 |
|
|
CVE-2023-48105 |
Description: An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.
CVSS: HIGH (7.5) EPSS Score: 0.1%
November 27th, 2024 (5 months ago)
|
|
CVE-2023-47453 |
|
|
CVE-2023-46887 |
|
|
CVE-2023-45253 |
Description: An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library.
CVSS: HIGH (7.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|