CVE-2023-22937
Description: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)

CVE-2023-22936
Description: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.
CVSS: MEDIUM (6.3) EPSS Score: 0.07%
December 11th, 2024 (4 months ago)

CVE-2023-22931
Description: In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 11th, 2024 (4 months ago)

CVE-2024-9672
Description: A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur.
CVSS: MEDIUM (6.3) EPSS Score: 0.06%
December 10th, 2024 (4 months ago)

CVE-2024-8679
Description: The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the ‘value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: MEDIUM (6.8) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)

CVE-2024-8259
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024.
NOTE: The vendor was contacted and it was learned that the product is not supported.
CVSS: MEDIUM (6.5) EPSS Score: 0.09%
December 10th, 2024 (4 months ago)

CVE-2024-55601
Description: Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below are not escaped in internal render hooks. Those who are impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates: `_default/_markup/render-link.html` from `v0.123.0`; `_default/_markup/render-image.html` from `v0.123.0`; `_default/_markup/render-table.html` from `v0.134.0`; and/or `shortcodes/youtube.html` from `v0.125.0`. This issue is patched in v0.139.4. As a workaround, one may replace an affected component with user-defined templates or disable the internal templates.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)

CVE-2024-55582
Description: Oxide before 6 has unencrypted Control Plane datastores.
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)

CVE-2024-55566
Description: ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be overwriting files or making ColPack graphing unavailable to other users.
CVSS: MEDIUM (6.6) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)

CVE-2024-54260
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlazeThemes News Kit Elementor Addons allows Stored XSS. This issue affects News Kit Elementor Addons: from n/a through 1.2.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)