CVE-2024-41777
Description: IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS: HIGH (7.5)
EPSS Score: 0.09%
December 4th, 2024

CVE-2024-40691
Description: IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness to upload malicious executable files into the system, and these can be sent to a victim for performing further attacks.
CVSS: HIGH (8.0)
EPSS Score: 0.09%
December 4th, 2024

CVE-2024-37302
Description: Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to complete unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached.
CVSS: HIGH (7.5)
EPSS Score: 0.04%
December 4th, 2024

CVE-2024-11978
Description: DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVSS: HIGH (7.5)
EPSS Score: 0.04%
December 4th, 2024

CVE-2024-11667
🚨 Marked as known exploited on December 3rd, 2024.
Description: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
CVSS: HIGH (7.5)
EPSS Score: 18.85%
December 4th, 2024

CVE-2024-11391
Description: The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
CVSS: HIGH (7.5)
EPSS Score: 0.05%
December 4th, 2024

CVE-2024-11003
Description: Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.
CVSS: HIGH (7.8)
EPSS Score: 0.05%
December 4th, 2024

CVE-2024-10074
Description: OpenHarmony v4.1.1 and prior versions allow a local attacker to escalate from common permission to root through a use after free.
CVSS: HIGH (8.8)
EPSS Score: 0.04%
December 4th, 2024

CVE-2023-4751
Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
CVSS: HIGH (7.8)
EPSS Score: 0.08%
December 4th, 2024

CVE-2023-4607
Description: An authenticated XCC user can change permissions for any user through a crafted API command.
CVSS: HIGH (7.5)
EPSS Score: 0.09%
December 4th, 2024