Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-53785 |
Description: Missing Authorization vulnerability in Alexander Volkov Chatter.This issue affects Chatter: from n/a through 1.0.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-53285 |
Description: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-53284 |
Description: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-53283 |
Description: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-53282 |
Description: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-53281 |
Description: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-53280 |
Description: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-53279 |
Description: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-52599 |
Description: Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-52586 |
Description: eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally (by knowing or guessing the password of a user) can thus log in regardless of MFA requirements. This does not affect MFA that are performed by single sign-on services. Users are advised to upgrade to at least version 5.1.9 to receive a fix.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|