Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-39712 |
Description: Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
|
CVE-2024-39711 |
Description: Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
|
CVE-2024-39710 |
Description: Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
|
CVE-2024-38656 |
Description: Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
|
CVE-2024-12007 |
Description: A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in code-projects Farmacia 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /visualizar-produto.php. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
December 2nd, 2024 (5 months ago)
|
|
CVE-2024-53786 |
WordPress Cowidgets – Elementor Addons plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.2.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 1st, 2024 (5 months ago)
|
|
CVE-2024-53778 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through 1.1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 1st, 2024 (5 months ago)
|
|
CVE-2024-53767 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixobe Pixobe Cartography allows DOM-Based XSS.This issue affects Pixobe Cartography: from n/a through 1.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 1st, 2024 (5 months ago)
|
|
CVE-2024-11699 |
Description: Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVSS: HIGH (8.8) EPSS Score: 0.05%
December 1st, 2024 (5 months ago)
|
|
CVE-2024-53757 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SocialEvolution WP Find Your Nearest allows Stored XSS.This issue affects WP Find Your Nearest: from n/a through 0.3.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 1st, 2024 (5 months ago)
|