Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-9404 |
Description: Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service.
This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation.
CVSS: MEDIUM (6.9) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-8962 |
Description: The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVSS: MEDIUM (6.4) EPSS Score: 0.07%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-8894 |
Description: Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.
CVSS: HIGH (8.1) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-7488 |
Description: Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: through 04.12.2024.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-6249 |
Description: Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the TUTK P2P library. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22419.
CVSS: HIGH (8.8) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-6248 |
Description: Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the run_action_batch endpoint of the cloud infrastructure. The issue results from the use of the device's MAC address as a sole credential for authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22393.
CVSS: HIGH (7.5) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-6247 |
Description: Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of SSIDs embedded in scanned QR codes. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22337.
CVSS: MEDIUM (6.8) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-6246 |
Description: Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Realtek Wi-Fi kernel module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel. Was ZDI-CAN-22310.
CVSS: CRITICAL (9.6) EPSS Score: 0.07%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-6232 |
Description: There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVSS: LOW (0.0) EPSS Score: 0.11%
December 5th, 2024 (5 months ago)
|
|
CVE-2024-54675 |
Description: app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)
|