CVE-2024-51378
🚨 Marked as known exploited on December 4th, 2024.
Description: getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which only inspects POST requests) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
CVSS: CRITICAL (10.0) EPSS Score: 23.11%
December 4th, 2024
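The two defects this entry describes, a request screener that runs only for POST and a handler that interpolates the statusfile parameter into a shell command, are modelled below in an added Python example. It is not CyberPanel's code: the Request shape, the function names, the STATUS_DIR location and the constructed payloads are assumptions made for the illustration. The hardened variants show the corresponding fixes: authenticate before anything else, apply the same screening to every method and every parameter source, and never build a shell command string from the parameter at all.

```python
"""Hypothetical model of the two defects described for CVE-2024-51378.

Added illustration, not CyberPanel's code: a request screener that only
inspects POST bodies, combined with a handler that pastes a request
parameter into a shell command line. Names, the status directory and the
request shapes are assumptions made for the example.
"""
import os
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Characters that change the meaning of a command line under /bin/sh.
SHELL_METACHARS = re.compile(r"[;&|`$<>(){}\n]")

# Assumed directory that status files are allowed to live in.
STATUS_DIR = "/var/log/app-status"
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


@dataclass
class Request:
    """Minimal stand-in for a framework request object."""
    method: str
    path: str
    query: Dict[str, str] = field(default_factory=dict)  # URL parameters
    body: Dict[str, str] = field(default_factory=dict)   # form/JSON body
    user: Optional[str] = None                            # None: not logged in


def screen_post_only(req: Request) -> bool:
    """Weak screener: only POST bodies are inspected, so a GET carrying the
    same payload in the query string is never looked at."""
    if req.method != "POST":
        return True
    return not any(SHELL_METACHARS.search(v) for v in req.body.values())


def screen_all_methods(req: Request) -> bool:
    """Fixed screener: the same rule applied to every method and source."""
    values = list(req.query.values()) + list(req.body.values())
    return not any(SHELL_METACHARS.search(v) for v in values)


def vulnerable_command(statusfile: str) -> str:
    """Anti-pattern: the parameter becomes part of a shell command string
    (the kind of line that would be handed to shell=True)."""
    return "cat " + statusfile


def hardened_command(statusfile: str) -> List[str]:
    """Validate the name, pin it inside STATUS_DIR, and return an argv list
    that can be passed to subprocess.run without a shell."""
    if not SAFE_NAME.fullmatch(statusfile):
        raise ValueError("rejected statusfile name")
    base = os.path.realpath(STATUS_DIR)
    path = os.path.realpath(os.path.join(base, statusfile))
    if os.path.dirname(path) != base:  # catches "." and ".." as well
        raise ValueError("statusfile escapes the status directory")
    return ["cat", path]


def handle_getresetstatus(
    req: Request,
    screener: Callable[[Request], bool],
    build_command: Callable[[str], object],
    require_auth: bool,
) -> Tuple[str, object]:
    """Dispatch one request: returns ("run", command) or ("rejected", reason)."""
    if require_auth and req.user is None:
        return ("rejected", "authentication required")
    if not screener(req):
        return ("rejected", "shell metacharacters in request")
    statusfile = req.query.get("statusfile") or req.body.get("statusfile") or ""
    try:
        return ("run", build_command(statusfile))
    except ValueError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    # Constructed requests: the same metacharacter payload sent two ways.
    via_get = Request("GET", "/dns/getresetstatus",
                      query={"statusfile": "reset.status; id"})
    via_post = Request("POST", "/dns/getresetstatus",
                       body={"statusfile": "reset.status; id"})
    # Vulnerable configuration: an unauthenticated GET slips past the screener.
    print(handle_getresetstatus(via_get, screen_post_only, vulnerable_command, False))
    print(handle_getresetstatus(via_post, screen_post_only, vulnerable_command, False))
    # Hardened configuration: auth first, screen everything, no shell.
    print(handle_getresetstatus(via_get, screen_all_methods, hardened_command, True))
    ok = Request("GET", "/dns/getresetstatus",
                 query={"statusfile": "reset.status"}, user="admin")
    print(handle_getresetstatus(ok, screen_all_methods, hardened_command, True))
```

Run as a script it prints the four outcomes: the GET payload reaches the command string untouched while the identical POST payload is blocked, which is the whole bypass. In a real view the hardened `["cat", path]` list goes to `subprocess.run` with `shell=False`, so metacharacters in the name could never be interpreted even if the screener were missing.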
CVE-2024-11667
🚨 Marked as known exploited on December 3rd, 2024.
Description: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
CVSS: HIGH (7.5) EPSS Score: 18.85%
December 4th, 2024
CVE-2024-53104
🚨 Marked as known exploited on February 4th, 2025.
Description: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format. Parsing such frames can lead to out-of-bounds writes, since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
CVSS: not scored (0.0) EPSS Score: 0.04%
December 3rd, 2024
CVE-2023-45727
🚨 Marked as known exploited on December 3rd, 2024.
Description: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
CVSS: not scored (0.0) EPSS Score: 23.62%
December 3rd, 2024
CVE-2024-49035
🚨 Marked as known exploited on February 25th, 2025.
Description: An improper access control vulnerability in Partner.Microsoft.com allows an unauthenticated attacker to elevate privileges over a network.
CVSS: HIGH (8.7) EPSS Score: 0.19%
November 27th, 2024
CVE-2024-11680
🚨 Marked as known exploited on December 3rd, 2024.
Description: ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
CVSS: CRITICAL (9.8) EPSS Score: 46.82%
November 27th, 2024