Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-53554
Description: A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details.

CVSS: HIGH (8.0)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-52899
IBM Data Virtualization Manager code execution
Description: IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-52550
Description: Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.

CVSS: HIGH (8.0)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-51208
Description: File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-50376
Description: A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-50369
Description: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "multiple_ssid_htm" API which are not properly sanitized before being concatenated to OS level commands.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-50368
Description: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "basic_htm" API which are not properly sanitized before being concatenated to OS level commands.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-50367
Description: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "sta_log_htm" API which are not properly sanitized before being concatenated to OS level commands.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-50366
Description: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "applications_apply" API which are not properly sanitized before being concatenated to OS level commands.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-50365
Description: A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "lan_apply" API which are not properly sanitized before being concatenated to OS level commands.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (5 months ago)