Threat and Vulnerability Intelligence Database

CVE-2024-8299

Description: Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute malicious code by storing a specially crafted DLL in a specific folder. This could allow the attacker to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-11959

Description: A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to a buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (8.7)

EPSS Score: 0.15%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-11402

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS. This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-9852

Description: Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute malicious code by storing a specially crafted DLL in a specific folder. This could allow the attacker to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-9669

Description: The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability was partially patched in version 1.8.5.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-8300

Description: Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute malicious code by tampering with a specially crafted DLL. This could allow the attacker to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.

CVSS: HIGH (7.0)

EPSS Score: 0.05%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-8066

Description: The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-53736

Description: Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars allows Stored XSS. This issue affects Custom Shortcode Sidebars: from n/a through 1.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-53734

Description: Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Idealien Category Enhancements allows Stored XSS. This issue affects Idealien Category Enhancements: from n/a through 1.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)

CVE-2024-53733

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohit Harsh Fence URL allows Stored XSS. This issue affects Fence URL: from n/a through 2.0.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (5 months ago)