CyberAlerts

CVE-2024-53566

An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a...

Description: An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-53564

An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of freepbx v17.0.19.17 allows attackers to execute...

Description: An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of freepbx v17.0.19.17 allows attackers to execute arbitrary code via uploading a crafted file.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-53507

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.

Description: A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-53506

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.

Description: A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-53505

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.

Description: A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-53504

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.

Description: A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-53484

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key.

Description: Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-53477

JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java

Description: JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-53459

Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter.

Description: Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-53375

Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. A vulnerability exists in the...

Description: Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the installation or activation of the HomeShield functionality.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: