CVE-2024-52335 |
Description: A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application does not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application to execute malicious SQL commands to compromise the whole database.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 7th, 2024 (5 months ago)
|
CVE-2024-52324 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x use an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 7th, 2024 (5 months ago)
|
CVE-2024-52320 |
Description: The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-51815 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection. This issue affects s2Member Pro: from n/a through 241114.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-51727 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2024-51615 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection. This issue affects WordPress Auction Plugin: from n/a through 3.7.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-50677 |
Description: A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-50404 |
Description: A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-50403 |
Description: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: LOW (2.1) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-50402 |
Description: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: LOW (2.1) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|