Threat and Vulnerability Intelligence Database


CVE-2024-50724

Description: KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-50650

Description: python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-50649

Description: The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-50648

Description: yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-50647

Description: The python_food ordering system V1.0 has an unauthorized access vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 and modify the ID value to obtain sensitive user information beyond authorization.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49421

Description: Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write files to arbitrary locations.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49420

Description: Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49419

Description: Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49418

Description: Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49417

Description: Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

CVSS: LOW (2.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)