Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-25499 |
Description: When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.
CVSS: MEDIUM (5.7) EPSS Score: 0.09%
December 6th, 2024 (5 months ago)
|
|
CVE-2023-21513 |
Description: Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
CVSS: MEDIUM (6.1) EPSS Score: 0.06%
December 6th, 2024 (5 months ago)
|
|
CVE-2023-20896 |
Description: The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
CVSS: MEDIUM (5.9) EPSS Score: 0.07%
December 6th, 2024 (5 months ago)
|
|
CVE-2024-9404 |
Description: Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service.
This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation.
CVSS: MEDIUM (6.9) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-8962 |
Description: The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVSS: MEDIUM (6.4) EPSS Score: 0.07%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-7488 |
Description: Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: through 04.12.2024.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-6247 |
Description: Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of SSIDs embedded in scanned QR codes. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22337.
CVSS: MEDIUM (6.8) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54157 |
Description: In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54156 |
Description: In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
CVSS: MEDIUM (4.2) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54132 |
Description: The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from a GitHub Actions workflow artifact named .. when downloaded using gh run download. The artifact name and --dir flag are used to determine the artifact’s download path. When the artifact is named .., the resulting files within the artifact are extracted exactly 1 directory higher than the specified --dir flag value. This vulnerability is fixed in 2.63.1.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|