fedistats
  • Trends
  • Search
  • Topics
  • Nodes
< back

 cvefeed.io

35 148
A chart of hourly posts over the last week (for big screens). A chart of hourly posts over the last week (for small screens).
English(35)
#cti(35) #cve(35) #ioc(35) #recon(35) #threatintel(35) #cybersecurity(35) #threatintelligence(35)

From cvefeed.io

CVE-2024-3379 - "Lunary AI Private Key Unauthorized Regeneration Vulnerability"

1 1

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

13h ago

From cvefeed.io

CVE-2024-3501 - Lunary-AI Lunary Information Disclosure Vulnerability

1 1

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

13h ago

From cvefeed.io

CVE-2024-4343 - Amazon SageMaker PrivateGPT Python Command Injection Vulnerability

1 1

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the `eval()`...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

13h ago

From cvefeed.io

CVE-2024-9693 - GitLab CE/EE Kubernetes Agent Authorization Bypass

1 1

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

21h ago

From cvefeed.io

CVE-2024-9832 - Philips Ventilator Login Brute Force Vulnerability

1 1

There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

9h ago

From cvefeed.io

CVE-2024-9834 - Medtronic Ventilator Information Exposure Vulnerability

1 1

Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

8h ago

From cvefeed.io

CVE-2024-10571 - Chartify WordPress Chart Plugin Local File Inclusion Vulnerability

1 1

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

20h ago

From cvefeed.io

CVE-2024-10924 - Really Simple Security for WordPress Authentication Bypass

1 1

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

4h ago

From cvefeed.io

CVE-2024-10962 - WordPress WPvivid Plugin PHP Object Injection Vulnerability

1 1

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for unauthenticated...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

17h ago

From cvefeed.io

CVE-2024-10979 - PostgreSQL PL/Perl Environment Variable Overflow Vulnerability

1 1

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user....

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

18h ago

From cvefeed.io

CVE-2024-11120 - GeoVision Command Injection Vulnerability

1 1

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

5h ago

From cvefeed.io

CVE-2024-37285 - Kibana Elasticsearch Deserialization Code Execution Vulnerability (Arbitrary Code Execution)

1 1

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

14h ago

From cvefeed.io

CVE-2024-43091 - "Skia Graphics Library Integer Overflow RCE"

1 1

In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-48510 - DotNetZip Directory Traversal Remote Code Execution

1 1

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

17h ago

From cvefeed.io

CVE-2024-50306 - Apache Traffic Server Privilege Escalation Vulnerability

1 1

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

13h ago

From cvefeed.io

CVE-2024-50852 - Tenda Router Command Injection Vulnerability

1 1

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

16h ago

From cvefeed.io

CVE-2024-50853 - Tenda G3 Command Injection Vulnerability

1 1

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

16h ago

From cvefeed.io

CVE-2024-50854 - Tenda G3 Remote Code Execution (Stack Overflow)

1 1

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

16h ago

From cvefeed.io

CVE-2024-50970 - Itsourcecode Online Furniture Shopping Project SQL Injection Vulnerability

1 1

A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

16h ago

From cvefeed.io

CVE-2024-52369 - Optimal Access Inc. KBucket Unvalidated File Upload Vulnerability

1 1

Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access Inc. KBucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through 4.1.6.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

12h ago

(Showing 20 out of 35.)