Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-8236 |
Description: The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-8177 |
Description: An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-7882 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection.This issue affects e-Commerce: before 22.11.2024.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-6972 |
|
|
CVE-2024-6831 |
Description: Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check.
Axis has released patched versions for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
CVSS: MEDIUM (4.4) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-6749 |
Description: Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured this flaw does not apply.
Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-6476 |
Description: Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart.
Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVSS: MEDIUM (4.2) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-53976 |
Description: Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-53975 |
Description: Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-53930 |
|