| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-12236 | Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration | Google Cloud Platform | Vertex Gemini API | Medium | - | 2024-12-10 15:07:40 | Deep Dive |
| CVE-2024-47585 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | Medium | 4.3 | 2024-12-10 00:12:30 | Deep Dive |
| CVE-2024-32732 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform | SAP_SE | SAP BusinessObjects Business Intelligence platform | Medium | 5.3 | 2024-12-10 00:11:34 | Deep Dive |
| CVE-2024-12369 | Elytron-oidc-client: oidc authorization code injection | - | - | Medium | 4.2 | 2024-12-09 20:53:09 | Deep Dive |
| CVE-2024-11444 | CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion | cluevo | CLUEVO LMS, E-Learning Platform | Medium | 4.3 | 2024-12-06 08:24:50 | Deep Dive |
| CVE-2024-11201 | myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2024-12-06 05:26:14 | Deep Dive |
| CVE-2024-45717 | SolarWinds Platform Cross-Site Scripting Vulnerability | SolarWinds | SolarWinds Platform | High | 7.0 | 2024-12-04 07:05:58 | Deep Dive |
| CVE-2024-12099 | Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure | getdollie | Dollie AI – Connect | Medium | 4.3 | 2024-12-04 03:37:41 | Deep Dive |
| CVE-2024-5890 | HTML Injection in the Assessment plugin | ServiceNow | Now Platform | Medium | 4.3 | 2024-12-02 18:24:56 | Deep Dive |
| CVE-2024-52959 | iota C.ai Conversational Platform - Improper Control of Generation of Code ('Code Injection') | Galaxy Software Services Corporation | iota C.ai Conversational Platform | - | - | 2024-11-27 05:23:11 | Deep Dive |
| CVE-2024-52958 | iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature | Galaxy Software Services Corporation | iota C.ai Conversational Platform | - | - | 2024-11-27 05:22:48 | Deep Dive |
| CVE-2024-8676 | Cri-o: checkpoint restore can be triggered from different namespaces | - | - | High | 7.4 | 2024-11-26 19:15:48 | Deep Dive |
| CVE-2024-10878 | Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting | smub | Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform | Medium | 6.1 | 2024-11-26 17:32:11 | Deep Dive |
| CVE-2024-10492 | Keycloak-quarkus-server: keycloak path traversal | - | - | Low | - | 2024-11-25 07:37:31 | Deep Dive |
| CVE-2024-10451 | Org.keycloak:keycloak-quarkus-server: sensitive data exposure in keycloak build process | Red Hat | Red Hat build of Keycloak 24 | Medium | 5.9 | 2024-11-25 07:37:05 | Deep Dive |
| CVE-2024-10270 | Org.keycloak:keycloak-services: keycloak denial of service | - | - | Medium | 6.5 | 2024-11-25 07:37:05 | Deep Dive |
| CVE-2024-9666 | Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability | - | - | Medium | 4.7 | 2024-11-25 07:29:52 | Deep Dive |
| CVE-2024-6538 | Openshift-console: openshift console: server-side request forgery | - | - | Medium | 5.3 | 2024-11-25 06:15:13 | Deep Dive |
| CVE-2024-11483 | Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5 | - | - | Medium | 5.0 | 2024-11-25 03:54:34 | Deep Dive |
| CVE-2024-9257 | Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability | Logsign | Unified SecOps Platform | Medium | - | 2024-11-22 21:02:49 | Deep Dive |