Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-38503 |
Description: When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits.
The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”.
Users are recommended to upgrade to version 3.0.8, which fixes this issue.
EPSS Score: 0.06%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-38344 |
Description: A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-37476 |
Description: Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-37222 |
Description: Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.9.10.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-34055 |
Description: Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-33117 |
Description: crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-32916 |
Description: In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-31867 |
Description: Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-30129 |
Description: The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
|
CVE-2024-29857 |
Description: An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
CVSS: LOW (0.0)
December 7th, 2024 (6 months ago)
|