CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,223 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,429 researchers

5 results
CVE-2024-52314 4.9 MEDIUM EPSS 0.00
data.all - Info Disclosure
A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs via CloudWatch log scanning for particular operations that interact with customer producer teams' data.
CWE-863 Nov 09, 2024
CVE-2024-52313 4.3 MEDIUM EPSS 0.00
data.all - Info Disclosure
An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not be able to fetch by directly querying the object via getEnvironment in data.all.
CWE-639 Nov 09, 2024
CVE-2024-52312 5.4 MEDIUM EPSS 0.00
Data.all - Privilege Escalation
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments.
CWE-863 Nov 09, 2024
CVE-2024-52311 6.3 MEDIUM EPSS 0.00
Data All - Auth Bypass
Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing a previously authenticated user to continue executing authorized API requests until the token expires.
CWE-613 Nov 09, 2024
CVE-2024-10953 4.3 MEDIUM EPSS 0.00
Amazon Data.all < 2.6.1 - Incorrect Authorization
An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications belonging to groups that the user is not a member of.
CWE-863 Nov 09, 2024