Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-46054	Description: OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files. EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-45690	Moodle: idor when deleting oauth2 linked accounts Description: A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-44786	Description: Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-44758	Description: An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-39707	Description: Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version 05.46.19; kernel 5.5, version 05.54.19; kernel 5.6, version 05.61.19. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-37816	Description: Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-37782	Description: An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field. EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-33439	Description: An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-31976	Description: EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-30896	Description: InfluxDB through 2.7.10 allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. NOTE: the supplier indicates that this is intentional but is a "poor design choice" that will be changed in a future release. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)