CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity. Further information here.

Displaying vulnerabilities 71 - 77 of 77 in total

CVE-2024-3393	PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet Description: A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. CVSS: HIGH (8.7) EPSS Score: 0.78% December 27th, 2024 (4 months ago)
CVE-2024-12356	Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA) Description: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. CVSS: CRITICAL (9.8) EPSS Score: 1.3% December 19th, 2024 (4 months ago)
CVE-2024-49138	Windows Common Log File System Driver Elevation of Privilege Vulnerability Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability CVSS: HIGH (7.8) EPSS Score: 0.05% December 10th, 2024 (4 months ago)
CVE-2024-51378	getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and... Description: getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. CVSS: CRITICAL (10.0) EPSS Score: 23.11% December 4th, 2024 (4 months ago)
CVE-2024-11667	A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series... Description: A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL. CVSS: HIGH (7.5) EPSS Score: 18.85% December 3rd, 2024 (5 months ago)
CVE-2023-45727	Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and... Description: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker. CVSS: LOW (0.0) EPSS Score: 23.62% December 3rd, 2024 (5 months ago)
CVE-2024-11680	ProjectSend Unauthenticated Configuration Modification Description: ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. CVSS: CRITICAL (9.8) EPSS Score: 46.82% December 3rd, 2024 (5 months ago)