Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-21414
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-21398
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-21331
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-21317
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-21308
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-21303
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Description: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: HIGH (8.8)

EPSS Score: 0.16%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-12323
turboSMTP <= 4.6 - Reflected Cross-Site Scripting via 'page'
Description: The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link while logged in to turboSMTP.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-12286
MOBATIME Network Master Clock has a use of default credentials vulnerability
Description: MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-12236
Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration
Description: A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further fix actions are needed. Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (5 months ago)

CVE-2024-11973
Quran multilanguage Text & Audio <= 2.3.21 - Reflected Cross-Site Scripting via sourate and lang Parameters
Description: The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameter in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (5 months ago)