Threat and Vulnerability Intelligence Database

CVE-2024-53457

Description: A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-53442

Description: whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-52943

Description: An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-52276

Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. The displayed version does not show the layer-flattened version, which is provided when the "Print" option is used. 2. The displayed version does not show the layer-flattened version, which is provided when the combined download option is used. 3. The displayed version does not show the layer-flattened version, which is also the version provided when downloading the result with the uncombined option. Once downloaded, if printed (e.g. via Google Chrome -> examine the print preview), it will render the vulnerability only; not all layers are flattened. This issue affects DocuSign: through 2024-12-04.

CVSS: HIGH (8.2)

EPSS Score: 0.05%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-52271

Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing. The displayed version does not show the layer-flattened version. Once downloaded, if printed (e.g. via Google Chrome -> examine the print preview), it will render the vulnerability only; not all layers are flattened. This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05.

CVSS: HIGH (8.2)

EPSS Score: 0.05%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-52270

Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign (HelloSign) allows Content Spoofing. The displayed version does not show the layer-flattened version. Once downloaded, if printed (e.g. via Google Chrome -> examine the print preview), it will render the vulnerability only; not all layers are flattened. This issue affects DropBox Sign (HelloSign): through 2024-12-04.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-51555

Description: Default credential vulnerabilities allow access to an Aspect device using publicly available default credentials, since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-51554

Description: Default credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-51551

Description: Default credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-51550

Description: Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)