CVE-2024-53273 |
Description: Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logs in with a specially crafted link. Version 5.28.5 contains a patch.
CVSS: MEDIUM (5.0) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-53272 |
Description: Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` functions in `RegisterLoginReset.vue` contain two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logs in with a specially crafted link. Version 5.28.5 contains a patch.
CVSS: MEDIUM (5.0) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-52537 |
Description: Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-51460 |
Description: IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-49532 |
Description: Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2024-49111 |
Description: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVSS: MEDIUM (6.6) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-49110 |
Description: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVSS: MEDIUM (6.8) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-49109 |
Description: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVSS: MEDIUM (6.6) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-49099 |
Description: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-49098 |
Description: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|