Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-38264 |
Description: Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
CVSS: MEDIUM (5.9) EPSS Score: 0.07%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-38203 |
Description: Windows Package Library Manager Information Disclosure Vulnerability
CVSS: MEDIUM (6.2) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-36463 |
|
|
CVE-2024-34021 |
Description: Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-33616 |
Description: Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11694 |
Description: Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11692 |
Description: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11678 |
Description: A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In CodeAstro Hospital Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /backend/doc/his_doc_register_patient.php. Durch das Manipulieren des Arguments pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.07%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11677 |
Description: A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in CodeAstro Hospital Management System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /backend/admin/his_admin_add_vendor.php der Komponente Add Vendor Details Page. Mittels Manipulieren des Arguments v_name/v_adr/v_number/v_email/v_phone/v_desc mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.08%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-11676 |
Description: A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in CodeAstro Hospital Management System 1.0 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /backend/admin/his_admin_add_lab_equipment.php der Komponente Add Laboratory Equipment Page. Mittels dem Manipulieren des Arguments eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.08%
November 27th, 2024 (5 months ago)
|