Threat and Vulnerability Intelligence Database

CVE-2024-51114

Description: An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-50948

Description: An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-50724

Description: KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-50650

Description: python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-50649

Description: The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-50648

Description: yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-50647

Description: The python_food ordering system V1.0 has an unauthorized access vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 and modify the ID value to obtain sensitive user information beyond authorization.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49417

Description: Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

CVSS: LOW (2.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49414

Description: Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access the recent app list.

CVSS: LOW (2.4)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49203

Description: Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allow SQL/HQL injection in orderBy in JPAQuery.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)