Threat and Vulnerability Intelligence Database

CVE-2024-55550

🚨 Marked as known exploited on January 7th, 2025 (4 months ago).
Description: Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

CVSS: LOW (0.0)

EPSS Score: 42.72%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-55500

Description: Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54751

Description: COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54133

Description: Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.

CVSS: LOW (2.3)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54051

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVSS: LOW (3.1)

EPSS Score: 0.07%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54050

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVSS: LOW (3.1)

EPSS Score: 0.07%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-53552

Description: CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-53481

Description: A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-53480

Description: PHPGurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-53245

Description: In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.

CVSS: LOW (3.1)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)