Threat and Vulnerability Intelligence Database

CVE-2024-47149

Description: Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions.

CVSS: LOW (3.3)

EPSS Score: 0.04%

Source: CVE
December 27th, 2024 (4 months ago)

CVE-2023-5117

Description: An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL.

CVSS: LOW (3.7)

EPSS Score: 0.04%

Source: CVE
December 27th, 2024 (4 months ago)

CVE-2024-55539

Description: Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185.

CVSS: LOW (2.5)

EPSS Score: 0.04%

Source: CVE
December 24th, 2024 (4 months ago)

CVE-2024-9101

Description: A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.

CVSS: LOW (2.1)

EPSS Score: 0.05%

Source: CVE
December 21st, 2024 (4 months ago)

CVE-2024-52589

Description: Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove the moderator role from untrusted users.

CVSS: LOW (2.2)

EPSS Score: 0.04%

Source: CVE
December 21st, 2024 (4 months ago)

CVE-2024-12014

Description: Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.

CVSS: LOW (2.0)

EPSS Score: 0.04%

Source: CVE
December 21st, 2024 (4 months ago)

CVE-2023-2897

Description: The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the 'X-Forwarded-For' header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality.

CVSS: LOW (3.7)

EPSS Score: 0.05%

Source: CVE
December 21st, 2024 (4 months ago)

CVE-2023-2599

Description: The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4. This is due to missing nonce verification on the get_users function, insufficient escaping of the user-supplied parameter, and lack of sufficient preparation of the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to existing queries, which can be used to cause resource exhaustion via a forged request, provided they can trick an administrator into performing an action such as clicking on a link.

CVSS: LOW (3.1)

EPSS Score: 0.11%

Source: CVE
December 21st, 2024 (4 months ago)

CVE-2024-12801

Description: Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of the DOCTYPE declaration in XML configuration files.

CVSS: LOW (2.4)

EPSS Score: 0.04%

Source: CVE
December 20th, 2024 (4 months ago)

CVE-2024-12801

Description: Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of the DOCTYPE declaration in XML configuration files.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-12801
https://logback.qos.ch/news.html#1.5.13
https://github.com/qos-ch/logback/commit/5f05041cba4c4ac0a62748c5c527a2da48999f2d
https://github.com/advisories/GHSA-6v67-2wr5-gvf4

CVSS: LOW (2.4)

EPSS Score: 0.04%

Source: GitHub Advisory Database (Maven)
December 19th, 2024 (4 months ago)