Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-53603	Description: A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53597	Description: masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vulnerability via the endpoint /submit. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53556	Description: An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53438	Description: EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL commands. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-52951	Description: Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Request History EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-52787	Description: An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file. EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-52771	Description: DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-52726	Description: CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-51367	Description: An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-51364	Description: An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)