CVE-2024-52558 |
Description: The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-52533 |
Description: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2024-52335 |
Description: A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application does not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application to use this vulnerability to execute malicious SQL commands to compromise the whole database.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 7th, 2024 (5 months ago)
|
CVE-2024-52324 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x use an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 7th, 2024 (5 months ago)
|
CVE-2024-52320 |
Description: The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-51815 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection. This issue affects s2Member Pro: from n/a through 241114.
CVSS: CRITICAL (9.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-51727 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2024-51615 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection. This issue affects WordPress Auction Plugin: from n/a through 3.7.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-50677 |
Description: A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-50404 |
Description: A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|