CVE-2024-11482 |
Description: A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user.
CVSS: CRITICAL (9.8) EPSS Score: 0.85% SSVC Exploitation: none
March 18th, 2025 (3 months ago)
|
CVE-2024-54085 |
Description: A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions.
The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity.
"A local or remote attacker can exploit the vulnerability by accessing the
CVSS: CRITICAL (10.0) EPSS Score: 0.1%
March 18th, 2025 (3 months ago)
|
CVE-2024-8997 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuration Interface: through 18.03.2025.
CVSS: CRITICAL (9.8) EPSS Score: 0.04% SSVC Exploitation: none
March 18th, 2025 (3 months ago)
|
CVE-2024-23786 |
Description: Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.
CVSS: CRITICAL (9.3) EPSS Score: 1.89% SSVC Exploitation: none
March 18th, 2025 (3 months ago)
|
CVE-2024-23943 |
Description: An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.
CVSS: CRITICAL (9.1) EPSS Score: 0.07%
March 18th, 2025 (3 months ago)
|
CVE-2025-1398 |
Description: Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-1398
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-xmvv-w44w-j8wx
CVSS: CRITICAL (10.0) EPSS Score: 0.01%
March 17th, 2025 (3 months ago)
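The class of issue described above (hardened-runtime entitlements that let another process inject code into an app and inherit the TCC grants the user gave it), as an added example that is neither Mattermost's code nor taken from the advisory: a small Ruby check that scans an app's entitlements plist for the injection-enabling keys. The page does not say which entitlements Mattermost declared; the keys flagged here are Apple's documented hardened-runtime exceptions, and the plist is a constructed sample.

```ruby
# Added example (not Mattermost or Apple code): flag hardened-runtime
# entitlements that let another process inject code into an app and so
# inherit the TCC grants (camera, microphone, Full Disk Access, ...) the
# user gave that app. Input is the XML plist printed by
#   codesign -d --entitlements :- /Applications/Some.app
# Which keys Mattermost actually declared is not stated on the page; these
# are Apple's documented runtime exceptions that matter for code injection.
RISKY_ENTITLEMENTS = {
  'com.apple.security.cs.disable-library-validation' =>
    'loads dylibs not signed by the same Team ID',
  'com.apple.security.cs.allow-dyld-environment-variables' =>
    'honours DYLD_INSERT_LIBRARIES, so a dylib can be injected at launch',
  'com.apple.security.cs.allow-unsigned-executable-memory' =>
    'unsigned code may run in-process',
  'com.apple.security.get-task-allow' =>
    'any same-user process may attach a debugger and control the task',
}.freeze

# Keys whose value is <true/>. A regex is enough for codesign's flat output;
# nested dicts (temporary-exception arrays and the like) are not needed here.
def enabled_entitlements(plist_xml)
  plist_xml.scan(%r{<key>([^<]+)</key>\s*<true\s*/>}).flatten
end

# Subset of enabled keys that weaken the hardened runtime.
def risky_entitlements(plist_xml)
  enabled_entitlements(plist_xml).select { |k| RISKY_ENTITLEMENTS.key?(k) }
end

# Human-readable findings, one line per risky key.
def report(plist_xml)
  risky_entitlements(plist_xml).map { |k| "#{k}: #{RISKY_ENTITLEMENTS[k]}" }
end

# Constructed sample: an Electron-style app that keeps allow-jit (needed by
# V8) but also declares two injection-enabling exceptions. get-task-allow is
# present but <false/>, so it must not be reported.
SAMPLE_PLIST = <<~PLIST.freeze
  <?xml version="1.0" encoding="UTF-8"?>
  <plist version="1.0">
  <dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.get-task-allow</key>
    <false/>
  </dict>
  </plist>
PLIST

if __FILE__ == $PROGRAM_NAME
  input = ARGV.empty? ? SAMPLE_PLIST : File.read(ARGV[0])
  findings = report(input)
  puts(findings.empty? ? 'no injection-enabling entitlements' : findings)
end
```

With the sample plist the check reports the dyld-environment and library-validation keys and ignores allow-jit, which an Electron app legitimately needs. On a Mac, feed it the output of codesign -d --entitlements :- on the app bundle (recent macOS releases print DER-encoded entitlements by default; the --xml flag requests the plist form this script parses). The pairing that matters most is disable-library-validation together with allow-dyld-environment-variables: with both set, a same-user attacker can launch the app with DYLD_INSERT_LIBRARIES pointing at an unsigned dylib and run code inside a process that already holds the user's TCC approvals.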
|
CVE-2024-21014 |
Description: Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS: CRITICAL (9.8) EPSS Score: 0.58% SSVC Exploitation: none
March 17th, 2025 (3 months ago)
|
CVE-2024-21010 |
Description: Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS: CRITICAL (9.9) EPSS Score: 0.48% SSVC Exploitation: none
March 17th, 2025 (3 months ago)
|
CVE-2025-2304 |
Description: A privilege escalation through mass assignment exists in Camaleon CMS.
When a user wishes to change their password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which lets every request parameter through without filtering, so attributes beyond the password fields can be set in the same request.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-2304
https://www.tenable.com/security/research/tra-2025-09
https://github.com/owen2345/camaleon-cms/pull/1109
https://github.com/owen2345/camaleon-cms/commit/179fd6b1ecf258d3e214aebfa87ac4a322ea4db4
https://github.com/owen2345/camaleon-cms/releases/tag/2.9.1
https://github.com/advisories/GHSA-rp28-mvq3-wf8j
CVSS: CRITICAL (9.4) EPSS Score: 0.06%
March 17th, 2025 (3 months ago)
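The permit! pattern described above, as an added example that is not Camaleon CMS code: a minimal stand-in for Rails strong parameters and an ActiveRecord-style update, run against the request body an attacker would send to a password-change action. The attribute names (role, password_confirmation) and the helper classes are assumptions for illustration; the fix shown replaces permit! with an explicit allow-list, which is the standard remedy rather than a claim about the upstream commit.

```ruby
# Added example (not Camaleon CMS code): a minimal model of Rails strong
# parameters and an ActiveRecord-style update, showing why `permit!` in a
# password-change action is a mass-assignment privilege escalation and what
# the allow-list fix looks like. Attribute names are assumed for illustration.

# Stand-in for ActionController::Parameters: a request hash whose values can
# only be read out once they have been permitted.
class Params
  def initialize(hash)
    @hash = hash.transform_keys(&:to_s)
    @permitted = false
  end

  # The dangerous call: marks EVERY client-supplied key as permitted.
  def permit!
    @permitted = true
    self
  end

  # The safe call: keeps only the allow-listed keys and drops the rest.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    Params.new(@hash.select { |k, _| allowed.include?(k) }).permit!
  end

  def to_h
    raise 'unpermitted parameters' unless @permitted
    @hash.dup
  end
end

# Stand-in user record; `role` is the column an attacker wants to rewrite.
class User
  attr_accessor :email, :password, :password_confirmation, :role

  def initialize(email:, password:, role:)
    @email, @password, @role = email, password, role
  end

  # Mass assignment as ActiveRecord#update does it: each key becomes a setter.
  def update(attrs)
    attrs.each { |k, v| public_send("#{k}=", v) }
    self
  end
end

# Constructed request body for the password-change endpoint: the expected
# password fields plus a smuggled role change.
ATTACK_PARAMS = {
  'password' => 'hunter2',
  'password_confirmation' => 'hunter2',
  'role' => 'admin',
}.freeze

# Vulnerable action: permit! lets `role` reach User#update unchanged.
def change_password_vulnerable(user, raw_params)
  user.update(Params.new(raw_params).permit!.to_h)
end

# Fixed action: only the two password fields are assignable; `role` is dropped.
def change_password_fixed(user, raw_params)
  user.update(Params.new(raw_params).permit(:password, :password_confirmation).to_h)
end

if __FILE__ == $PROGRAM_NAME
  victim = User.new(email: 'alice@example.test', password: 'old', role: 'user')
  change_password_vulnerable(victim, ATTACK_PARAMS)
  puts "vulnerable: role is now #{victim.role}"
  victim = User.new(email: 'alice@example.test', password: 'old', role: 'user')
  change_password_fixed(victim, ATTACK_PARAMS)
  puts "fixed: role is still #{victim.role}"
end
```

The same request changes the password in both paths; the only difference is whether the extra role key survives parameter filtering. When auditing a Rails code base for this class of bug, grep for permit! and for update/assign_attributes calls fed from params without a permit list, and treat any hit on a controller that non-admin users can reach as a mass-assignment finding until the model proves otherwise.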
|