Threat and Vulnerability Intelligence Database

CVE-2024-37775

Description: Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-37774

Description: A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-37773

Description: An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-37018

Description: The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-29671

Description: Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component.

EPSS Score: 0.05%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-28326

Description: Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the UART interface.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-22075

Description: Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

EPSS Score: 0.06%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2024-11841

Description: The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2023-34800

Description: D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.

EPSS Score: 0.69%

Source: CVE
December 17th, 2024 (4 months ago)

CVE-2023-32435

Description: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

EPSS Score: 0.2%

Source: CVE
December 17th, 2024 (4 months ago)