Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-38922 |
Description: Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-38921 |
Description: Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_rand ` .
CVSS: LOW (0.0) EPSS Score: 0.06%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-38344 |
Description: A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-34055 |
Description: Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-33117 |
Description: crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-32916 |
Description: In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-29857 |
Description: An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
CVSS: LOW (0.0)
December 7th, 2024 (5 months ago)
|
|
CVE-2024-28345 |
Description: An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-28149 |
Description: Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
|
CVE-2024-28016 |
Description: Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to get device informations via the internet.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|