Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-52801 |
Description: sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are generated predictably using the xid library and are therefore unique but not cryptographically secure. This issue was fixed in version v2.6.4, where cookies are opaque and cryptographically secure strings. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-52800 |
Description: veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available.
CVSS: LOW (2.3) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-52732 |
Description: Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-52725 |
Description: SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-52724 |
Description: ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-52596 |
Description: SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-52503 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tailored Web Services Tailored Tools allows Stored XSS.This issue affects Tailored Tools: from n/a through 1.8.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-52502 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imbasynergy ImbaChat allows DOM-Based XSS.This issue affects ImbaChat: from n/a through 3.1.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-52494 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Varone, Tim Berneman Dynamic "To Top" allows Stored XSS.This issue affects Dynamic "To Top": from 3.5.2 through n/a.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
|
CVE-2024-52493 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Leuze Meteor Slides allows Stored XSS.This issue affects Meteor Slides: from n/a through 1.5.7.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|