Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-51058
Description: Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information.

CVSS: MEDIUM (6.2)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-50377
Description: A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-49596
Description: Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-49351
IBM Workload Scheduler information disclosure
Description: IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-49054
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-49044
Visual Studio Elevation of Privilege Vulnerability
Description: Visual Studio Elevation of Privilege Vulnerability

CVSS: MEDIUM (6.7)

EPSS Score: 0.06%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-49025
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Description: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVSS: MEDIUM (5.4)

EPSS Score: 0.09%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-48747
Description: An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-47854
Description: An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-45877
Description: baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock other user or unlock the own account, change the password of other users, create new users or delete existing users and view, manipulate and delete reference data.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)