Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-35975
Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion
Description: An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.

CVSS: MEDIUM (6.5)

EPSS Score: 0.08%

Source: CVE
December 5th, 2024 (6 months ago)

CVE-2023-33842
IBM SPSS Modeler information disclosure
Description: IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.

CVSS: MEDIUM (6.2)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (6 months ago)

CVE-2023-3114
Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces To Target an Agent Pool
Description: Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.

CVSS: MEDIUM (5.0)

EPSS Score: 0.06%

Source: CVE
December 5th, 2024 (6 months ago)

CVE-2023-28065
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point...
Description: Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

CVSS: MEDIUM (6.7)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (6 months ago)

CVE-2023-28026
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially...
Description: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (6 months ago)

CVE-2024-9978
Liteos_a has an out-of-bounds read vulnerability
Description: in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-9694
CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Description: The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-9287
Virtual environment (venv) activation scripts don't quote paths
Description: A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-9197
A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions...
Description: A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

CVSS: MEDIUM (4.9)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-9058
Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget
Description: The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (6 months ago)