Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-53457
A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute...
Description: A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-53442
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.
Description: whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-52943
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a...
Description: An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-52276
PDF Document Spoofing in DocuSign
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used. 3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option. Once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSign: through 2024-12-04.

CVSS: HIGH (8.2)

EPSS Score: 0.05%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-52271
PDF Document Spoofing in Documenso
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05.

CVSS: HIGH (8.2)

EPSS Score: 0.05%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-52270
PDF Document Spoofing in DropBox Sign(HelloSign)
Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DropBox Sign(HelloSign): through 2024-12-04.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-51555
Force Change of Default Credentials
Description: Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-51554
off-by-one-error
Description: Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-51551
Default Credentials
Description: Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)

CVE-2024-51550
Data Validation / Sanitization
Description: Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 6th, 2024 (6 months ago)