Threat and Vulnerability Intelligence Database

CVE-2024-54133

Description: Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.

CVSS: LOW (2.3)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-54095

Description: A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to an integer underflow, which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-54094

Description: A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to a heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-54093

Description: A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to a heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-54091

Description: A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173), Parasolid V37.1 (All versions < V37.1.109). The affected applications contain an out-of-bounds write vulnerability when parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-54051

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVSS: LOW (3.1)

EPSS Score: 0.07%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-54050

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVSS: LOW (3.1)

EPSS Score: 0.07%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-54049

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVSS: MEDIUM (6.1)

EPSS Score: 0.07%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-54048

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVSS: MEDIUM (5.4)

EPSS Score: 0.07%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-54047

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVSS: MEDIUM (5.4)

EPSS Score: 0.07%

Source: CVE
December 11th, 2024 (5 months ago)