Threat and Vulnerability Intelligence Database

CVE-2024-47581

Description: SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. There is low impact on integrity of the application. Confidentiality and availability are not impacted.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-47580

Description: An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or availability.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-47579

Description: An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-47117

Description: IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-46886

Description: The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

CVSS: MEDIUM (4.7)

EPSS Score: 0.06%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-45709

Description: SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.

CVSS: MEDIUM (5.3)

EPSS Score: 0.09%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-45663

Description: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-43754

Description: Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-43752

Description: Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-43751

Description: Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)