Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-12686
Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)
🚨 Marked as known exploited on January 13th, 2025 (4 months ago).
Description: A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

CVSS: MEDIUM (6.6)

EPSS Score: 6.18%

Source: CVE
December 19th, 2024 (4 months ago)

CVE-2024-12356
Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
🚨 Marked as known exploited on December 19th, 2024 (4 months ago).
Description: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

CVSS: CRITICAL (9.8)

EPSS Score: 1.3%

Source: CVE
December 18th, 2024 (4 months ago)

CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability
🚨 Marked as known exploited on December 10th, 2024 (5 months ago).
Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (5 months ago)

CVE-2024-55550
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to...
🚨 Marked as known exploited on January 7th, 2025 (4 months ago).
Description: Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation.

CVSS: LOW (0.0)

EPSS Score: 42.72%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-41713
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated...
🚨 Marked as known exploited on January 7th, 2025 (4 months ago).
Description: A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.

CVSS: LOW (0.0)

EPSS Score: 95.44%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and...
🚨 Marked as known exploited on December 4th, 2024 (5 months ago).
Description: getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.

CVSS: CRITICAL (10.0)

EPSS Score: 23.11%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-11667
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series...
🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).
Description: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

CVSS: HIGH (7.5)

EPSS Score: 18.85%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-53104
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
🚨 Marked as known exploited on February 4th, 2025 (3 months ago).
Description: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2023-45727
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and...
🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).
Description: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.

CVSS: LOW (0.0)

EPSS Score: 23.62%

Source: CVE
December 3rd, 2024 (5 months ago)

CVE-2024-49035
Partner.Microsoft.Com Elevation of Privilege Vulnerability
🚨 Marked as known exploited on February 25th, 2025 (2 months ago).
Description: An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.

CVSS: HIGH (8.7)

EPSS Score: 0.19%

Source: CVE
November 27th, 2024 (5 months ago)