Threat and Vulnerability Intelligence Database

CVE-2023-23432

Description: Some Honor products are affected by a signature management vulnerability. Successful exploitation could cause a forged system file to overwrite the correct system file.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-22939

Description: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.

CVSS: HIGH (8.1)

EPSS Score: 0.22%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2023-1724

Description: Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.

CVSS: HIGH (7.3)

EPSS Score: 0.08%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2024-53335

Description: TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-43462

Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-43459

Description: SQL Server Native Client Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.15%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-43450

Description: Windows DNS Spoofing Vulnerability

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-43447

Description: Windows SMBv3 Server Remote Code Execution Vulnerability

CVSS: HIGH (8.1)

EPSS Score: 0.16%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-33605

Description: Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS: HIGH (7.5)

EPSS Score: 0.09%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-32965

Description: Lobe Chat is an open-source AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The JWT token header X-Lobe-Chat-Auth, which stores the proxy address and OpenAI API key, can be modified to scan an internal network in the target lobe-web environment. This issue has been addressed in release version 1.19.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)