Threat and Vulnerability Intelligence Database

CVE-2024-52951

Description: Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Request History.

EPSS Score: 0.05%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2024-52787

Description: An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file.

EPSS Score: 0.05%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2024-52771

Description: DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view.

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2024-52726

Description: CRMEB v5.4.0 is vulnerable to arbitrary file read in the save_basics function, which allows an attacker to obtain sensitive information.

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2024-51367

Description: An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file.

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2024-51364

Description: An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file.

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2024-51330

Description: An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication (IPC) mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components, Ultimaker 3D Printers.

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2024-51228

Description: An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.

EPSS Score: 0.05%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2024-51163

Description: A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information.

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (6 months ago)

CVE-2024-50672

Description: A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application.

EPSS Score: 0.04%

Source: CVE
November 28th, 2024 (6 months ago)