CVE-2024-40745 |
Description: Reflected cross-site scripting vulnerability in the Convert Forms component for Joomla in versions before 4.4.8.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-38829 |
Description: A vulnerability in Spring LDAP allows data exposure for case-sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, and all versions prior to 2.4.0.
The usage of String.toLowerCase() and String.toUpperCase() has some Locale-dependent exceptions that could potentially result in unintended columns being queried.
Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820
CVSS: LOW (3.7) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-28166 |
Description: SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.
CVSS: LOW (3.7) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-28138 |
Description: An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-11107 |
Description: The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-10708 |
Description: The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks and read arbitrary files on the server.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2023-36359 |
Description: TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 11th, 2024 (4 months ago)
|
CVE-2023-36358 |
Description: TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 11th, 2024 (4 months ago)
|
CVE-2024-49138 |
Description: Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|
CVE-2024-9651 |
Description: The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|