intel.intruder.io
2606:4700:10::6816:2c6e  Public Scan

Submitted URL: http://intel.intruder.io/
Effective URL: https://intel.intruder.io/
Submission: On December 05 via manual from CH — Scanned from CH

Form analysis 0 forms found in the DOM

Text Content

Top CVE Trends & Expert Vulnerability Insights | Intel



CVE TRENDS

Beta

Updated 44 minutes ago

Feeds


AT A GLANCE


HYPEMETER

90100

Current score

Not much chatter


TOP 5 TRENDS TODAY




TRENDING

Top 10 CVEs trending on social media within the last 24 hours.

Trending

Hype score

Published

Description

Last 24 hours

     
 1.  CVE-2024-42448
     Hype score: 9
     Not available in NVD
     
     

 2.  CVE-2024-10905
     Severity: critical 10.0
     Hype score: 4
     Published: Dec 2, 2024
     
     IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and
     all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch
     levels prior to 8.2p8, and all prior versions allows HTTP access to static
     content in the IdentityIQ application directory that should be protected.
     
     

 3.  CVE-2024-42327
     Severity: critical 9.9
     Hype score: 4
     Published: Nov 27, 2024
     
     A non-admin user account on the Zabbix frontend with the default User role,
     or with any other role that gives API access can exploit this
     vulnerability. An SQLi exists in the CUser class in the addRelatedObjects
     function, this function is being called from the CUser.get function which
     is available for every user who has API access.
     
     

 4.  CVE-2024-38193
     Severity: high 7.8 (Exploit known)
     Hype score: 4
     Published: Aug 13, 2024
     
     Windows Ancillary Function Driver for WinSock Elevation of Privilege
     Vulnerability
     
     

 5.  CVE-2024-53844
     Severity: medium 6.3
     Hype score: 4
     Published: Nov 26, 2024
     
     E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and
     manage LLM API bots. A path traversal vulnerability exists in the backup
     export functionality of EDDI, as implemented in `RestExportService.java`.
     This vulnerability allows an attacker to access sensitive files on the
     server by manipulating the `botFilename` parameter in requests. The
     application fails to sanitize user input, enabling malicious inputs such as
     `..%2f..%2fetc%2fpasswd` to access arbitrary files. However, the **severity
     of this vulnerability is significantly limited** because EDDI typically
     runs within a **Docker container**, which provides additional layers of
     isolation and restricted permissions. As a result, while this vulnerability
     exposes files within the container, it does not inherently threaten the
     underlying host system or other containers. A patch is required to sanitize
     and validate the botFilename input parameter. Users should ensure they are
     using version 5.4 which contains this patch. For temporary mitigation,
     access to the vulnerable endpoint should be restricted through firewall
     rules or authentication mechanisms.
     
     

 6.  CVE-2024-12053
     Severity: high 8.8
     Hype score: 1
     Published: Dec 3, 2024
     
     Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a
     remote attacker to potentially exploit object corruption via a crafted HTML
     page. (Chromium security severity: High)
     
     

 7.  CVE-2024-53375
     Severity: high 8.0
     Hype score: 1
     Published: Dec 2, 2024
     
     Authenticated remote code execution (RCE) vulnerabilities affect TP-Link
     Archer, Deco, and Tapo series routers. A vulnerability exists in the
     "tmp_get_sites" function of the HomeShield functionality provided by
     TP-Link. This vulnerability is still exploitable without the installation
     or activation of the HomeShield functionality.
     
     

 8.  CVE-2024-42449
     Severity: high 7.1
     Hype score: 1
     Published: Dec 4, 2024
     
     From the VSPC management agent machine, under condition that the management
     agent is authorized on the server, it is possible to remove arbitrary files
     on the VSPC server machine.
     
     

 9.  CVE-2024-49039
     Severity: high 8.8 (Exploit known)
     Hype score: 1
     Published: Nov 12, 2024
     
     Windows Task Scheduler Elevation of Privilege Vulnerability
     
     

 10. CVE-2024-8672
     Severity: critical 9.9
     Hype score: 1
     Published: Nov 28, 2024
     
     The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin
     for WordPress is vulnerable to Remote Code Execution in all versions up to,
     and including, 4.0.7 via the display logic functionality that extends
     several page builders. This is due to the plugin allowing users to supply
     input that will be passed through eval() without any filtering or
     capability checks. This makes it possible for authenticated attackers, with
     contributor-level access and above, to execute code on the server. Special
     note: We suggested the vendor implement an allowlist of functions and limit
     the ability to execute commands to just administrators, however, they did
     not take our advice. We are considering this patched, however, we believe
     it could still be further hardened and there may be residual risk with how
     the issue is currently patched.
     
     

     



     


© 2024 Intruder Systems Ltd.
