
Threat and Vulnerability Intelligence Database

CVE-2025-1283

Description: The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2025-1270

Description: Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/ha_datos_hermano.php” endpoint to refer to another user. In addition, the first request could also allow the attacker to impersonate other users. As a result, all requests made after exploitation of the IDOR vulnerability will be executed with the privileges of the impersonated user.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2025-1127

Description: The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2025-0896

Description: Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.

CVSS: CRITICAL (9.2)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-7102

Description: An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.

CVSS: CRITICAL (9.6)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-6913

Description: Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the Windows system. This issue affects ProcessPlus: through 1.11.6507.0.

CVSS: CRITICAL (9.3)

EPSS Score: 0.06%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-6912

Description: Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to log in remotely on all prone installations. This issue affects ProcessPlus: through 1.11.6507.0.

CVSS: CRITICAL (9.3)

EPSS Score: 0.15%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-5217

Description: ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

CVSS: CRITICAL (9.2)

EPSS Score: 94.59%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-5171

Description: Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers:
* Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
* Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.
* Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid.

CVSS: CRITICAL (10.0)

EPSS Score: 0.06%

Source: CVE
February 14th, 2025 (4 months ago)

CVE-2024-4879

Description: ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

CVSS: CRITICAL (9.3)

EPSS Score: 95.01%

Source: CVE
February 14th, 2025 (4 months ago)