Threat and Vulnerability Intelligence Database

CVE-2024-53799

Description: Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FloristPress: from n/a through 7.3.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53797

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS. This issue affects Beaver Builder: from n/a through 2.8.4.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53796

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS. This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53795

Description: Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Church Admin: from n/a through 5.0.8.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53794

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS. This issue affects Arkhe Blocks: from n/a through 2.27.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53691

Description: A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later; QTS 5.2.0.2802 build 20240620 and later; QuTS hero h5.1.8.2823 build 20240712 and later; QuTS hero h5.2.0.2802 build 20240620 and later.

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53142

Description: In the Linux kernel, the following vulnerability has been resolved:

initramfs: avoid filename buffer overrun

The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as:

 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data
...
 55 ============= ================== =========================
 56 Field name    Field size         Meaning
 57 ============= ================== =========================
...
 70 c_namesize    8 bytes            Length of filename, including final \0

When extracting an initramfs cpio archive, the kernel's do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod().

If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. The ability to create an initramfs entry would imply already having full control of the system, so the buffer overrun shouldn't be considered a security vulnerability.

Append the output of the following bash script to an existing initramfs and observe any created /initramfs_test_fname_overrunAA* path. E.g.

./reproducer.sh | gzip >> /myinitramfs

It's easiest to observe non-zero uninitialized memory when the output is gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(), rather than the initrd_start+initrd_size block. -...

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-53141

Description: In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: add missing range check in bitmap_ip_uadt

When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-52558

Description: The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-52533

Description: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (5 months ago)