Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-54003	Description: Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53920	Description: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53916	Description: In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24. EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53635	Description: A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53604	Description: A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53603	Description: A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53597	Description: masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vulnerability via the endpoint /submit. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53556	Description: An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53438	Description: EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL commands. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-52951	Description: Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Request History EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)