Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-49035
Partner.Microsoft.Com Elevation of Privilege Vulnerability
🚨 Marked as known exploited on February 25th, 2025 (2 months ago).
Description: An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.

CVSS: HIGH (8.7)

EPSS Score: 0.19%

Source: CVE
November 27th, 2024 (5 months ago)

CVE-2024-11680
ProjectSend Unauthenticated Configuration Modification
🚨 Marked as known exploited on December 3rd, 2024 (5 months ago).
Description: ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.

CVSS: CRITICAL (9.8)

EPSS Score: 46.82%

Source: CVE
November 27th, 2024 (5 months ago)