Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-54004	Description: Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-54003	Description: Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53920	Description: In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53916	Description: In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24. EPSS Score: 0.05% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53635	Description: A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53604	Description: A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53603	Description: A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53597	Description: masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vulnerability via the endpoint /submit. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53556	Description: An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)
CVE-2024-53438	Description: EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL commands. EPSS Score: 0.04% Source: CVE November 28th, 2024 (5 months ago)