CVE-2024-11158 |
Description: An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it is initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
CVE-2024-11156 |
Description: An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVSS: HIGH (8.5) EPSS Score: 0.05%
December 6th, 2024 (5 months ago)
|
CVE-2024-11155 |
Description: A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
CVE-2024-11148 |
Description: In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
CVE-2024-10937 |
Description: The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 6th, 2024 (5 months ago)
|
CVE-2024-10933 |
Description: In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.
CVSS: MEDIUM (4.1) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|
CVE-2024-10881 |
Description: The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
December 6th, 2024 (5 months ago)
|
CVE-2024-10848 |
Description: The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
December 6th, 2024 (5 months ago)
|
CVE-2024-10777 |
Description: The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 6th, 2024 (5 months ago)
|
CVE-2024-10716 |
Description: Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 6th, 2024 (5 months ago)
|