Threat and Vulnerability Intelligence Database

CVE-2024-54674

Description: app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-54664

Description: An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context, a different vulnerability than CVE-2024-52945.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-54661

Description: readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-54221

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roninwp FAT Services Booking. This issue affects FAT Services Booking: from n/a through 5.6.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-54158

Description: In JetBrains YouTrack before 2024.3.52635, a potential spoofing attack was possible via lack of Punycode encoding.

CVSS: LOW (3.5)

EPSS Score: 0.05%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-54157

Description: In JetBrains YouTrack before 2024.3.52635, a potential ReDoS was possible due to a vulnerable RegExp in the Ruby syntax detector.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-54156

Description: In JetBrains YouTrack before 2024.3.52635, multiple merge functions were vulnerable to a prototype pollution attack.

CVSS: MEDIUM (4.2)

EPSS Score: 0.05%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-54155

Description: In JetBrains YouTrack before 2024.3.51866, improper access control allowed listing of project names during app import without authentication.

CVSS: LOW (3.7)

EPSS Score: 0.05%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-54154

Description: In JetBrains YouTrack before 2024.3.51866, system takeover was possible through path traversal in the plugin sandbox.

CVSS: HIGH (8.0)

EPSS Score: 0.09%

Source: CVE
December 5th, 2024 (5 months ago)

CVE-2024-54153

Description: In JetBrains YouTrack before 2024.3.51866, unauthenticated database backup download was possible via a vulnerable query parameter.

CVSS: LOW (3.1)

EPSS Score: 0.09%

Source: CVE
December 5th, 2024 (5 months ago)