Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-52497 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-52496 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through 1.0.14.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-52495 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Distance Based Shipping Calculator allows SQL Injection.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21.
CVSS: HIGH (8.5) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-52490 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through 2.5.1.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-52481 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-52475 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass.This issue affects Wawp: from n/a before 3.0.18.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-52474 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LLC «TriIncom» Express Payments Module allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through 1.1.8.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-52283 |
|
|
CVE-2024-5148 |
Description: A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.
EPSS Score: 0.05%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-49503 |
Description: A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page.
This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.
CVSS: MEDIUM (4.6) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|