CVE-2024-10716
Description: Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 6th, 2024

CVE-2024-10178
Description: The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
December 6th, 2024

CVE-2024-10056
Description: The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
December 6th, 2024

CVE-2023-52357
Description: Vulnerability of serialization/deserialization mismatch in the vibration framework. Successful exploitation of this vulnerability may affect availability.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 6th, 2024

CVE-2023-52335
Description: Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863.
CVSS: HIGH (7.5) EPSS Score: 0.26%
December 6th, 2024

CVE-2023-51635
Description: NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843.
CVSS: HIGH (8.8) EPSS Score: 0.07%
December 6th, 2024

CVE-2023-51634
Description: NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589.
CVSS: HIGH (7.5) EPSS Score: 0.06%
December 6th, 2024

CVE-2023-50913
Description: Oxide control plane software before 5 allows SSRF.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024

CVE-2023-49987
Description: A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024

CVE-2023-48010
Description: STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 6th, 2024