Threat and Vulnerability Intelligence Database


CVE-2024-10893

Description: The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-10484

Description: The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-10224

Description: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-10074

Description: In OpenHarmony v4.1.1 and prior versions, a use-after-free allows a local attacker to escalate common permissions to root.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-0854

Description: URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

CVSS: MEDIUM (5.4)

EPSS Score: 0.06%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-0037

Description: In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-5900

Description: Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CVSS: LOW (3.5)

EPSS Score: 0.06%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-52727

Description: Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-52345

Description: In the modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2023-51796

Description: Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (5 months ago)