Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-53751
WordPress Build App Online plugin <= 1.0.22 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-53741
WordPress Simple Popup plugin <= 4.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows DOM-Based XSS.This issue affects Simple Popup: from n/a through 4.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-53721
WordPress Advanced Event Manager plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stachethemes Advanced Event Manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through 1.1.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-53709
WordPress Generic Elements plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdevs Generic Elements allows DOM-Based XSS.This issue affects Generic Elements: from n/a through 1.2.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-53708
WordPress AI Quiz plugin <= 1.1 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through 1.1.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-53707
WordPress Ahmeti Wp Güzel Sözler plugin <= 4.0 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ahmet İmamoğlu Ahmeti Wp Güzel Sözler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through 4.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-53259
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
Description: quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection). The attacker needs to at least know the client's IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-52809
Cross-site Scripting vulnerability with prototype pollution in vue-i18n
Description: vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-52801
Brute force takeover of OpenID Connect session cookies in sftpgo
Description: sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are generated predictably using the xid library and are therefore unique but not cryptographically secure. This issue was fixed in version v2.6.4, where cookies are opaque and cryptographically secure strings. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-52503
WordPress Tailored Tools plugin <= 1.8.4 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tailored Web Services Tailored Tools allows Stored XSS.This issue affects Tailored Tools: from n/a through 1.8.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)