CVE-2024-53620 |
Description: A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
CVE-2024-53619 |
|
CVE-2024-53555 |
|
CVE-2024-53554 |
Description: A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details.
CVSS: HIGH (8.0) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
CVE-2024-53425 |
Description: A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.
CVSS: MEDIUM (6.2) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
CVE-2024-53365 |
Description: A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
CVE-2024-53278 |
Description: A cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to 1.5.14. If a malicious admin user customizes the admin screen with malicious content, an arbitrary script may be executed in the web browser of other users who access the admin screen.
CVSS: MEDIUM (4.8) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
CVE-2024-53267 |
Description: sigstore-java is a sigstore Java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log. This bug impacts clients using any variation of KeylessVerifier.verify(). The verifier may accept a bundle with an unrelated log entry, cryptographically verifying everything but failing to ensure the log entry applies to the artifact in question, thereby "verifying" a bundle without any proof the signing event was logged. This allows the creation of a bundle without fulcio certificate and private key combined with an unrelated but time-correct log entry to fake logging of a signing event. A malicious actor using a compromised identity may want to do this to prevent discovery via rekor's log monitors. The signer's identity will still be available to the verifier. The signature on the bundle must still be on the correct artifact for the verifier to pass. sigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality. This issue has been patched in the v1.1.0 release with PR #856. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: MEDIUM (5.5) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
CVE-2024-52899 |
Description: IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.
CVSS: HIGH (8.5) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
CVE-2024-52793 |
Description: The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, `http/file-server`'s `serveDir` with `showDirListing: true` option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names. Exploitation might also be possible on other systems but less trivial due to e.g. lack of file name support for `<>` in Windows. Version 1.0.11 fixes the issue.
CVSS: MEDIUM (5.1) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|