Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-9420	Description: A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-9413	Description: The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-9369	Description: Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) EPSS Score: 0.06% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-7025	Description: Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) EPSS Score: 0.06% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-54004	Description: Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-54003	Description: Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53920	Description: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53916	Description: In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24. EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53635	Description: A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53604	Description: A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)