Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-10451 |
Description: A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2.
EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
|
CVE-2024-10270 |
Description: A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.
EPSS Score: 0.09%
November 28th, 2024 (5 months ago)
|
|
CVE-2024-10175 |
Description: The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
November 28th, 2024 (5 months ago)
|
|
CVE-2024-0232 |
Description: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
EPSS Score: 0.04%
November 28th, 2024 (5 months ago)
|
|
CVE-2024-0217 |
Description: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
EPSS Score: 0.08%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-6832 |
Description: Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
CVSS: MEDIUM (6.0) EPSS Score: 0.05%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-6804 |
Description: Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-6784 |
Description:
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
CVSS: MEDIUM (4.7) EPSS Score: 0.08%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-6190 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal.This issue affects University Information Management System: before 30.11.2023.
CVSS: CRITICAL (9.8) EPSS Score: 0.17%
November 28th, 2024 (5 months ago)
|
|
CVE-2023-6021 |
Description: LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023
CVSS: HIGH (7.5) EPSS Score: 0.6%
November 28th, 2024 (5 months ago)
|