Threat and Vulnerability Intelligence Database

CVE-2024-11949

Description: GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within the Store Service, which listens on TCP port 8018 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24331.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (5 months ago)

CVE-2024-11948

Description: GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

Source: CVE
December 12th, 2024 (5 months ago)

CVE-2024-11947

Description: GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within the Core Service, which listens on TCP port 8017 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24029.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (5 months ago)

CVE-2024-11872

Description: Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
December 12th, 2024 (5 months ago)

CVE-2024-11840

Description: The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or conduct SQL injection attacks.

CVSS: HIGH (7.1)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (5 months ago)

CVE-2024-11737

Description: CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality and integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 12th, 2024 (5 months ago)

CVE-2024-11597

Description: Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allow a local authenticated attacker to achieve local privilege escalation.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
December 12th, 2024 (5 months ago)

CVE-2024-11401

Description: Rapid7 Insight Platform versions prior to November 13th 2024 suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 12th, 2024 (5 months ago)

CVE-2024-11351

Description: The Restrict – membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (5 months ago)

CVE-2024-11008

Description: The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
December 12th, 2024 (5 months ago)