Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-52475 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass.This issue affects Wawp: from n/a before 3.0.18.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-52474 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LLC «TriIncom» Express Payments Module allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through 1.1.8.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-52283 |
|
|
CVE-2024-5148 |
Description: A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and key can be exposed to unauthorized users. This flaw allows a malicious user on the system to take control of the RDP client connection during the login screen-to-user session transition.
EPSS Score: 0.05%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-49503 |
Description: A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page.
This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.
CVSS: MEDIUM (4.6) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-49502 |
Description: A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click.
This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.
CVSS: MEDIUM (4.6) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-46939 |
Description: The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files
CVSS: LOW (2.4) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-38658 |
Description: There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-38389 |
Description: There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-38309 |
Description: There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier).
If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|