CVE-2024-9428
Description: The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
CVE-2024-8587
Description: A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 13th, 2024 (4 months ago)
CVE-2024-55099
Description: A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
CVE-2024-54922
Description: A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 13th, 2024 (4 months ago)
CVE-2024-54918
Description: Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
CVE-2024-54842
Description: A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
CVE-2024-54811
Description: A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
CVE-2024-54810
Description: A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
CVE-2024-54490
Description: This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to a user's Keychain items.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)
CVE-2024-50584
Description: An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable to blind boolean-based SQL injection attacks. SQL syntax must be injected into the JSON syntax of the templates parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (4 months ago)