Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-52676
Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php.
Description: Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-51366
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a...
Description: An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-51210
Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content...
Description: Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-50947
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.
Description: An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-50671
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email...
Description: Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles. This makes it possible for attackers to disclose the email addresses of all users.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-50196
pinctrl: ocelot: fix system hang on level based interrupts
Description: In the Linux kernel, the following vulnerability has been resolved: pinctrl: ocelot: fix system hang on level based interrupts The current implementation only calls chained_irq_enter() and chained_irq_exit() if it detects pending interrupts. ``` for (i = 0; i < info->stride; i++) { uregmap_read(info->map, id_reg + 4 * i, ®); if (!reg) continue; chained_irq_enter(parent_chip, desc); ``` However, in case of GPIO pin configured in level mode and the parent controller configured in edge mode, GPIO interrupt might be lowered by the hardware. In the result, if the interrupt is short enough, the parent interrupt is still pending while the GPIO interrupt is cleared; chained_irq_enter() never gets called and the system hangs trying to service the parent interrupt. Moving chained_irq_enter() and chained_irq_exit() outside the for loop ensures that they are called even when GPIO interrupt is lowered by the hardware. The similar code with chained_irq_enter() / chained_irq_exit() functions wrapping interrupt checking loop may be found in many other drivers: ``` grep -r -A 10 chained_irq_enter drivers/pinctrl ```

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-4900
SEOPress < 7.8 - Contributor+ Open Redirect
Description: The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-48783
An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.
Description: An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.

CVSS: LOW (0.0)

EPSS Score: 0.09%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-48453
An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function
Description: An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-48406
Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the...
Description: Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)