Threat and Vulnerability Intelligence Database

CVE-2024-54198

Description: In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-54197

Description: SAP NetWeaver Administrator (System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation, this can result in Server-Side Request Forgery (SSRF), which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-54095

Description: A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to an integer underflow that can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-54094

Description: A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to a heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-54093

Description: A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to a heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-54091

Description: A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173), Parasolid V37.1 (All versions < V37.1.109). The affected applications contain an out-of-bounds write vulnerability when parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-54037

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-54036

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVSS: HIGH (8.2)

EPSS Score: 0.1%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-54034

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVSS: HIGH (8.0)

EPSS Score: 0.1%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-54008

Description: An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)