CVE-2024-42451
Description: A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform.
CVSS: HIGH (7.7) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)

CVE-2024-4226
Description: It was identified that in certain versions of Octopus Server a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
CVSS: LOW (3.5) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)

CVE-2024-41156
Description: Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers with valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users holding the higher privilege level of write access.
CVSS: LOW (2.7) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)

CVE-2024-40717
Description: A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server.
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)

CVE-2024-40709
Description: A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)

CVE-2024-40661
Description: In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
December 5th, 2024 (5 months ago)

CVE-2024-39219
Description: An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)

CVE-2024-39165
Description: QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder is shipped with the product.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)

CVE-2024-39163
Description: binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the Flask endpoints.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (5 months ago)

CVE-2024-38277
Description: A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (5 months ago)