CVE-2024-52831 |
Description: Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: LOW (3.5) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-51165 |
Description: SQL injection vulnerability in JEPAAS 7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-50929 |
Description: Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-50924 |
Description: Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to disrupt communications between the controller and the device itself by repeatedly sending crafted packets to the controller.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-50920 |
Description: Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node by supplying crafted packets.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-50699 |
Description: TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-50623 |
Description: In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
CVSS: LOW (0.0) EPSS Score: 96.92%
December 11th, 2024 (4 months ago)
|
CVE-2024-47577 |
Description: Webservice API endpoints for the Assisted Service Module within SAP Commerce Cloud have an information disclosure vulnerability. When an authorized agent searches for a customer to manage their account, the request URL includes customer data, and it is recorded in server logs. If an attacker impersonating an authorized admin views those server logs, they gain access to the customer data. The amount of leaked confidential data, however, is extremely limited, and the attacker has no control over what data is leaked.
CVSS: LOW (2.7) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-47576 |
Description: The SAP Product Lifecycle Costing Client application (versions below 4.7.1) loads on demand a DLL that is available with the Windows OS. This DLL is loaded from the computer running the SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one that could execute commands as part of the SAP Product Lifecycle Costing Client application. A successful attack can cause a low impact to confidentiality but no impact to the integrity and availability of the application.
CVSS: LOW (3.3) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-46657 |
Description: Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|