Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-54137
liboqs has a correctness error in HQC decapsulation
Description: liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0.

CVSS: HIGH (7.4)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-54136
Untrusted Deserialization in ClipBucket-v5 Version 5.5.1 Revision 199 and Below
Description: ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-54135
Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199
Description: ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. User inputs were supplied to this function without sanitization via collection GET parameter and photoIDS POST parameter respectively. The decode_key function invokes PHP unserialize function as defined in upload/includes/classes/photos.class.php. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53908
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the...
Description: An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53907
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter...
Description: An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53826
WordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerability
Description: Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53825
WordPress FileBird Lite plugin <= 6.3.2 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2.

CVSS: MEDIUM (4.7)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53824
WordPress All Bootstrap Blocks plugin <= 1.3.20 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects All Bootstrap Blocks: from n/a through 1.3.19.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53823
WordPress The Plus Addons for Elementor plugin <= 5.6.14 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53821
WordPress Pie Register Premium plugin < 3.8.3.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pie Register Premium allows Reflected XSS.This issue affects Pie Register Premium: from n/a through n/a.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)