Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-53938 |
Description: An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53920 |
Description: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
CVSS: LOW (0.0) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53900 |
Description: Mongoose before 8.8.3 can improperly use $where in match.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53861 |
Description: pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the "iss" claim changed from `isinstance(issuer, list)` to `isinstance(issuer, Sequence)`. Since str is a Sequnce, but not a list, `in` is also used for string comparison. This results in `if "abc" not in "__abcd__":` being checked instead of `if "abc" != "__abc__":`. Signature checks are still present so real world impact is likely limited to denial of service scenarios. This issue has been patched in version 2.10.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: LOW (2.2) EPSS Score: 0.06%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53623 |
Description: Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53617 |
Description: A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53566 |
Description: An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53564 |
Description: An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of freepbx v17.0.19.17 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53507 |
Description: A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-53506 |
Description: A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|