Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-47854 |
Description: An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-4766 |
Description: Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 126.
CVSS: LOW (0.0) EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-47257 |
Description: Florent ThiƩry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network.
Axis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software support. Please refer to the Axis security advisory for more information and solution.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-47250 |
Description: Out-of-bounds Read vulnerability in Apache NimBLE.
Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
EPSS Score: 0.05%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-47249 |
Description: Improper Validation of Array Index vulnerability in Apache NimBLE.
Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-47248 |
Description: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE.
Specially crafted MESH message could result in memory corruption when non-default build configuration is used.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-47138 |
Description: The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-45877 |
Description: baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock other user or unlock the own account, change the password of other users, create new users or delete existing users and view, manipulate and delete reference data.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-45755 |
Description: An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated users with high-privileged access.
CVSS: HIGH (7.2) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-45369 |
Description: The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource.
CVSS: HIGH (8.1) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|