CVE-2024-42329 |
Description: The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash.
CVSS: LOW (3.3) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
CVE-2024-42328 |
Description: When the webdriver for the Browser object downloads data from an HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash.
CVSS: LOW (3.3) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
CVE-2024-36468 |
Description: The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.
CVSS: LOW (3.0) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
CVE-2024-36464 |
Description: When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.
CVSS: LOW (2.7) EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
CVE-2024-29014 |
|
CVE-2023-50297 |
Description: Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
CVSS: LOW (0.0) EPSS Score: 0.07%
November 28th, 2024 (5 months ago)
|
CVE-2023-49119 |
Description: Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product.
CVSS: LOW (0.0) EPSS Score: 0.05%
November 28th, 2024 (5 months ago)
|
CVE-2023-48308 |
Description: Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3.
CVSS: LOW (3.5) EPSS Score: 0.07%
November 28th, 2024 (5 months ago)
|
CVE-2023-47643 |
Description: SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, GraphQL introspection is enabled without authentication, exposing the schema defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire attack surface of the API, including sensitive fields such as UserHash. This issue is patched in version 8.4.2. There are no known workarounds.
CVSS: LOW (3.1) EPSS Score: 29.84%
November 28th, 2024 (5 months ago)
|
CVE-2023-44389 |
Description: Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.
CVSS: LOW (3.1) EPSS Score: 0.06%
November 28th, 2024 (5 months ago)
|