Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-42196
HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability
Description: HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

CVSS: MEDIUM (6.2)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-38796
Integer overflow in PeCoffLoaderRelocateImage
Description: EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-37476
WordPress Newspack Campaigns plugin <= 2.31.1 - Cross Site Scripting (XSS) vulnerability
Description: Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-30129
HCL Nomad server on Domino is affected by a host header injection vulnerability
Description: The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-29776
WordPress EventPrime plugin <= 3.3.9 - Cross Site Scripting (XSS) vulnerability
Description: Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-28103
Action Pack is missing security headers on non-HTML responses
Description: Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.

CVSS: MEDIUM (5.4)

EPSS Score: 0.12%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-23913
Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows. When deprecated MC_XML_To_Message() function is used to...
Description: Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows. When deprecated MC_XML_To_Message() function is used to read a malformed DICOM XML file, it might result in memory access violation.

CVSS: MEDIUM (4.0)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-21492
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session...
Description: All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.

CVSS: MEDIUM (4.8)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-21158
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are...
Description: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-21109
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to...
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS: MEDIUM (5.9)

EPSS Score: 0.13%

Source: CVE
December 7th, 2024 (4 months ago)