Threat and Vulnerability Intelligence Database

CVE-2024-8116

Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (5 months ago)

CVE-2024-8058

Description: An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (5 months ago)

CVE-2024-6001

Description: An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges.

CVSS: HIGH (8.1)

EPSS Score: 0.09%

Source: CVE
December 17th, 2024 (5 months ago)

CVE-2024-5660

Description: Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (5 months ago)

CVE-2024-56112

Description: CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (5 months ago)

CVE-2024-56087

Description: An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (5 months ago)

CVE-2024-56086

Description: An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (5 months ago)

CVE-2024-56085

Description: An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (5 months ago)

CVE-2024-56084

Description: An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.

EPSS Score: 0.04%

Source: CVE
December 17th, 2024 (5 months ago)

CVE-2024-56083

Description: Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a specific "Use Devin's Machine" session. For example, this URL may be discovered if a customer posts a screenshot of a Devin session to social media, or publicly streams their Devin session.

EPSS Score: 0.05%

Source: CVE
December 17th, 2024 (5 months ago)