Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56085 |
Description: An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.
EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56084 |
Description: An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.
EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56083 |
Description: Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a specific "Use Devin's Machine" session. For example, this URL may be discovered if a customer posts a screenshot of a Devin session to social media, or publicly streams their Devin session.
EPSS Score: 0.05%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56073 |
Description: An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Netflow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash).
EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-56072 |
Description: An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples.
EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-55970 |
Description: File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aka I644734.
EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-55557 |
Description: ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.
EPSS Score: 0.05%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-55554 |
Description: Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet.
EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-55452 |
Description: A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage.
EPSS Score: 0.06%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-55451 |
Description: A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users' browsers, potentially leading to the theft of sensitive tokens.
EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|