CVE-2024-52558 |
Description: The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-51727 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (4 months ago)
|
CVE-2024-50404 |
Description: A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.16_20240819 (2024/08/19) and later
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-49580 |
Description: In JetBrains Ktor before 2.3.13, improper caching in HttpCache Plugin could lead to response information disclosure.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 7th, 2024 (4 months ago)
|
CVE-2024-48867 |
Description: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-48859 |
Description: An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-47146 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffing the RAW WIFI signal.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (4 months ago)
|
CVE-2024-4633 |
Description: The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
December 7th, 2024 (4 months ago)
|
CVE-2024-4456 |
Description: In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page.
CVSS: MEDIUM (4.1) EPSS Score: 0.04%
December 7th, 2024 (4 months ago)
|
CVE-2024-42494 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services.
CVSS: MEDIUM (6.5) EPSS Score: 0.09%
December 7th, 2024 (4 months ago)
|