Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-55659 |
Description: SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
|
CVE-2024-55658 |
Description: SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
|
CVE-2024-55657 |
Description: SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
|
CVE-2024-55652 |
Description: PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. By default, only users with the `admin` role are able to create or update templates. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 patches the issue.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|
|
CVE-2024-55587 |
Description: python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|
|
CVE-2024-55586 |
Description: Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|
|
CVE-2024-54745 |
Description: WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
|
CVE-2024-54531 |
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An app may be able to bypass kASLR.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
|
CVE-2024-54528 |
Description: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to overwrite arbitrary files.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (5 months ago)
|
|
CVE-2024-54527 |
Description: This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access sensitive user data.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|