Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-56115	A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to... Description: A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack. EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2024-55506	An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and... Description: An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter. EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2024-55505	An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. Description: An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2024-55492	Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS). Description: Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS). EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2024-55461	SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). Description: SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2024-55239	A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to... Description: A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter. EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2024-55232	An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete... Description: An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information. EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2024-55231	An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify... Description: An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information. EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2024-55089	Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function. Description: Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function. EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2024-55088	GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. Description: GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)