CVE-2024-11351 |
Description: The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-11008 |
Description: The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
CVE-2024-10511 |
Description: CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
CVE-2023-35783 |
Description: The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.
CVSS: MEDIUM (6.3) EPSS Score: 0.06%
December 12th, 2024 (4 months ago)
|
CVE-2023-2683 |
Description: A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
December 12th, 2024 (4 months ago)
|
CVE-2023-25186 |
Description: An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network.
CVSS: MEDIUM (5.1) EPSS Score: 0.06%
December 12th, 2024 (4 months ago)
|
CVE-2024-8256 |
Description: In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-7894 |
Description: The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to delete or modify the license key.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)
|
CVE-2024-55653 |
Description: PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising an `UnhandledPromiseRejection` on audits, which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|
CVE-2024-55548 |
Description: Improper check of password character length in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.
CVSS: MEDIUM (6.9) EPSS Score: 0.04%
December 11th, 2024 (4 months ago)
|