CVE-2024-12024 |
Description: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.
Note: this vulnerability requires the "Guest Submissions" setting to be enabled. It is disabled by default.
CVSS: HIGH (7.2) EPSS Score: 0.06%
December 18th, 2024 (5 months ago)
|
CVE-2024-11999 |
Description: CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 18th, 2024 (5 months ago)
|
CVE-2024-11422 |
Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 18th, 2024 (5 months ago)
|
CVE-2024-10476 |
Description: Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsys™ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is not in scope.
CVSS: HIGH (8.0) EPSS Score: 0.04%
December 18th, 2024 (5 months ago)
|
CVE-2023-35782 |
Description: The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.
CVSS: HIGH (8.2) EPSS Score: 0.14%
December 18th, 2024 (5 months ago)
|
CVE-2023-3294 |
Description: Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.
CVSS: HIGH (7.6) EPSS Score: 0.07%
December 18th, 2024 (5 months ago)
|
CVE-2023-3293 |
Description: Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.
CVSS: HIGH (7.6) EPSS Score: 0.07%
December 18th, 2024 (5 months ago)
|
CVE-2023-28175 |
Description: Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
CVSS: HIGH (7.1) EPSS Score: 0.09%
December 18th, 2024 (5 months ago)
|
CVE-2024-8587 |
Description: A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
December 17th, 2024 (6 months ago)
|
CVE-2024-8058 |
Description: An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.
CVSS: HIGH (7.6) EPSS Score: 0.04%
December 17th, 2024 (6 months ago)
|