Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-54002 |
Description: Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes significantly longer than performing the same action with a username that is not known by the system. The observable difference in request duration can be leveraged by actors to enumerate valid names of managed users. LDAP and OpenID Connect users are not affected. The issue has been fixed in Dependency-Track 4.12.2.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-5020 |
Description: Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.13%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-49232 |
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Javier Loureiro El mejor Cluster allows DOM-Based XSS.This issue affects El mejor Cluster: from n/a through 1.1.15.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-45206 |
Description: A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-29978 |
Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-27363 |
Description: A vulnerability was discovered in Samsung Mobile Processor Exynos 850, Exynos 9610, Exynos 980, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930 where it does not properly check a pointer address, which can lead to a Information disclosure.
CVSS: MEDIUM (6.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-25073 |
Description: An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check a pointer specified by the CC (Call Control module), which can lead to Denial of Service (Untrusted Pointer Dereference).
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-23559 |
Description: HCL DevOps Deploy / Launch is generating an obsolete HTTP header.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-20397 |
Description: A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.
This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software.
CVSS: MEDIUM (5.2) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-12186 |
Description: A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Eine problematische Schwachstelle wurde in code-projects Hotel Management System 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei hotelnew.c der Komponente Available Room Handler. Mittels dem Manipulieren des Arguments admin_entry mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|