Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-27184 |
Description: Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not..
CVSS: LOW (0.0) EPSS Score: 0.06%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-26337 |
|
|
CVE-2024-26258 |
Description: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-25579 |
Description: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-24449 |
Description: An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-23910 |
Description: Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-22117 |
Description: When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.
CVSS: LOW (2.2) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-21798 |
Description: ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-21726 |
Description: Inadequate content filtering leads to XSS vulnerabilities in various components.
CVSS: LOW (0.0) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|
|
CVE-2024-20308 |
Description: A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading.
This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic..
CVSS: HIGH (8.6) EPSS Score: 0.04%
November 27th, 2024 (5 months ago)
|