CVE-2024-41579 |
Description: DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-28141 |
Description: The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious links to reset the admin password or create new users.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-28140 |
Description: The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as the root user and observing the output.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-28139 |
Description: The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-12382 |
Description: Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS: LOW (0.0) EPSS Score: 0.06%
December 12th, 2024 (4 months ago)
|
CVE-2024-12381 |
Description: Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS: LOW (0.0) EPSS Score: 0.06%
December 12th, 2024 (4 months ago)
|
CVE-2023-37395 |
Description: IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data.
CVSS: LOW (2.5) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2023-35866 |
Description: In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is "asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker."
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2023-35862 |
Description: libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.
CVSS: LOW (0.0) EPSS Score: 0.17%
December 12th, 2024 (4 months ago)
|
CVE-2023-35857 |
Description: In Siren Investigate before 13.2.2, session keys remain active even after logging out.
CVSS: LOW (0.0) EPSS Score: 0.32%
December 12th, 2024 (4 months ago)
|